Design By Julyinfo. - SQL Injection Vulnerability

CVE	Category	Price	Severity
N/A	CWE-89	N/A	N/A

Author	Risk	Exploitation Type	Date
JulyInfo	High	Remote	2019-11-17

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019110113

Below is a copy:

Design By Julyinfo. - SQL Injection Vulnerability

---------------------------------------------------------
# Exploit Title: Design By Julyinfo. - SQL Injection Vulnerability
# Date: 2019-11-14
# Exploit Author: FreeBuzz Team
# Vendor Homepage: http://www.websmileindia.com/
# Team Mail : [email protected]
# Tested on: Ubuntu
---------------------------------------------------------
Google Dork:
intext:"Design By Julyinfo" inurl:".php?id=
inurl:"/mana_php/" [This admin page you can find it then browser SQL parameters in Home page]

-

Demo:
http://www.realycorp.com.tw/works_detial.php?b_id=36[SQLi]
http://www.depoan.com/news-detial.php?newId=96[SQli]
https://www.twsgi.org.tw/news-detail.php?n_id=7998[SQli]
http://www.unionchemical.com.tw/products_list_food.php?level1_id=10[SQli]
http://www.labvolt-taiwan.com/new_info.php?b_id=24[SQLi]


----------------------------------------------------------
# Discovered by Unkn0wn[[email protected]]
# https://github.com/0x9a
# We Are : AloneGhost - VeNoM - Agent Haze - Old_One - Unkn0wn
 FreeBuzz Team @ 2012-2019 [FRB]

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum