# Title: Des-Click 1.0.0 - Error Based SQL Injection Vulnerability
# Date: 2020-02-09
# Author: Smog
# Vendor Homepage: https://www.des-click.com/
# Tested on: Windows 10 / Linux
# Versions: 1.0.0
# Vulnerable Parameter: "id_famille" (Get Method)
# CVE: N/A


Dorks : inurl:"mobile/produit.php?id_famille="
intext:"Copyright des-click"

POC :

This Error-based SQL Injection is really simple to exploit, and it can be done by everyone who knows sqlmap or manual injections.

How to exploit :
 
The main error is on the "id_famille=" parameter exploitable only by get method, that stands out an integer.
This is not a blind SQLi so there will be an error showed after the execution of a milicious query, like " ' ". The server will automaticly send an error of SELECT query :
 
SELECT id_genre FROM `*table-name*_genre_famille` WHERE id_resto=<integer> AND id_famille=<integer>'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''<integer>''' at line <line>
 
It says that the SQL synthax is badly made because of the malicious injected payload :
The query is cutted in the start because of the GET parameter you had put.
 
More :

Administration panel : localhost/admin/
 
(Admin password are hashed in the database)

Exploit is here : localhost/mobile/produit.php?id_famille=<integer>

Twitter : twitter.com/sm0g3uh