Exploits / Vulnerability Discovered: 2021-10-08
Type: webapps
Platform: php
This exploit / vulnerability, Ifsc code finder project 1.0 sql injection (unauthenticated), is for educational purposes only; if you use it, you do so at your own risk.
1) Navigate to http://127.0.0.1/ifscfinder/, enter any number in the search field, and capture the request in Burp Suite.
2) Paste the request below into Burp Repeater, and also create a txt file and paste this request into it.
--------------------------------------------------------------------------------
3) You will see a time delay of 20 seconds in the response.
4) python sqlmap.py -r request.txt -p searchifsccode --dbs
5) We can retrieve all databases using the above sqlmap command.
Ifsc code finder project 1.0 sql injection (unauthenticated)
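
The parameter named in step 4, searchifsccode, handled with an allow-list check and a bound query parameter. This is an added example, not the project's own code: the function findBranch, the table ifsc_codes and its columns are hypothetical, and an in-memory SQLite database stands in for the application's database. It assumes the field should accept only a full 11-character IFSC.

```php
<?php
// Added example, not the project's code. Table "ifsc_codes" and its columns are
// hypothetical; in-memory SQLite stands in for the application's real database.
declare(strict_types=1);

function findBranch(PDO $db, string $searchifsccode): ?array
{
    // Allow-list check (assumed format): 4 letters, a literal 0, 6 alphanumerics.
    $code = strtoupper(trim($searchifsccode));
    if (preg_match('/\A[A-Z]{4}0[A-Z0-9]{6}\z/', $code) !== 1) {
        return null; // rejected before any SQL is executed
    }
    // Bound parameter: the value travels as data and is never parsed as SQL text.
    // With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
    $stmt = $db->prepare('SELECT ifsc, bank, branch FROM ifsc_codes WHERE ifsc = :ifsc');
    $stmt->execute([':ifsc' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ifsc_codes (ifsc TEXT PRIMARY KEY, bank TEXT, branch TEXT)');
// Constructed sample row.
$db->exec("INSERT INTO ifsc_codes VALUES ('ABCD0123456', 'Example Bank', 'Main Branch')");

// Constructed inputs: a valid code, a value carrying SQL metacharacters, a bare number.
$inputs = ['abcd0123456', "ABCD0123456' OR '1'='1", '20'];
foreach ($inputs as $input) {
    $row = findBranch($db, $input);
    printf("%-28s => %s\n", $input, $row === null ? 'no match / rejected' : $row['branch']);
}
```

Only the first input returns a row; the other two are rejected by the format check, and the query text is the same fixed string for every request.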