exploit the possibilities

TotalComfortSolutions Company 1.0 SQL Injection

TotalComfortSolutions Company 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

TotalComfortSolutions Company version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e5b91b2f241d9958fbaf8f22046c5388

TotalComfortSolutions Company 1.0 SQL Injection

Change Mirror Download
############################################################

# Exploit Title : TotalComfortSolutions Company 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepages : totalcomfortsolutions.com
# Tested On : Windows and Linux
# Exploit Risk : Medium
# Category : WebApps
# Version Information : jQuery 1.4.11 - CodeIgniter - ExpressionEngine CMS
# CWE : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018050285

############################################################

Total Comfort Solutions A Commercial Heating and
Air Conditioning Company SQL Injection Vulnerability

############################################################

# Description About the Product : Total Comfort Solutions
offers the skilled development and delivery of innovative Heating,
Ventilation, and Air Conditioning (HVAC) solutions to clients
across South Carolina and eastern Georgia.

Total Comfort Solutions, a commercial heating and
air conditioning (HVAC) company, services, repairs, and performs
preventative maintenance focusing on Healthcare,
Industrial, Office buildings and Data centers in Charleston,
Columbia, Florence, Myrtle Beach, SC and Augusta, GA.

############################################################

# Google Dork 1 : inurl:''/totalcomfort/aboutus.php?id=''

# Google Dork 2 : inurl:''/totalcomfort/resources.php?id=''

# Google Dork 3 : intext:''Total Comfort Solutions'''

# Exploit : /totalcomfort/aboutus.php?id=[SQL Injection]

# Exploit : /totalcomfort/resources.php?id=[SQL Injection]

############################################################

# Example Site =>

dealerbranded.com/totalcomfort/aboutus.php?id=101%27

[ Proof of Concept for SQL Injection ] => archive.is/OZwf1

############################################################

# Error : You have an error in your SQL syntax; check
the manual that corresponds to your MySQL
server version for the right syntax to use near ''444''
or navigation.pagename = ''' at line 1

############################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

############################################################

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    32 Files
  • 20
    Feb 20th
    15 Files
  • 21
    Feb 21st
    17 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close