Exploit Title: XCOMM SQL Injection
Dork Added From ElSyad
Google Dork: inurl:?id= "Designed & Developed by: XCOMM"
Date: 24/09/2015
Exploit Author: Houssem_Rx
Vendor Homepage: http://xcomm.net.pk
Version: All Versions
CVE: N/A
Category: webapps
Contact: https://www.facebook.com/rx028
Tested on: Windows 7
+----------------------+
Exploitation Details
+----------------------+
A normal user can inject an SQL query through the URL, which leads to reading data from the database.
+----------------------+
Proof of Concept
+----------------------+
Find any file with ?id= or with = and simply add '. All files are vulnerable.
Examples:
http://target.com/file_name?id=1
http://target.com/text.php?TID=1 then add '
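Added example (not part of the original advisory and not the vendor's code): why an appended ' produces a database error when the id value is concatenated into the query, and how integer validation plus a bound parameter removes the flaw. Python with an in-memory sqlite3 database stands in for the application's language and backend, which the advisory does not state; the table "pages" and all function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [(1, "Home"), (2, "Contact")])
    return conn

def fetch_concatenated(conn, raw_id):
    # Flawed pattern: the id parameter becomes part of the SQL text, so a
    # stray quote changes the statement the database parses.
    sql = "SELECT title FROM pages WHERE id = " + raw_id
    return conn.execute(sql).fetchall()

def fetch_parameterized(conn, raw_id):
    # Hardened pattern: accept only a short run of ASCII digits, then bind
    # the value so it is never parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    return conn.execute("SELECT title FROM pages WHERE id = ?",
                        (int(raw_id),)).fetchall()

def outcome(handler, raw_id):
    """Classify what a request carrying this id value produces."""
    conn = make_db()
    try:
        return ("ok", handler(conn, raw_id))
    except sqlite3.Error as exc:
        # A database error reaching the handler is the symptom of the flaw.
        return ("sql_error", type(exc).__name__)
    except ValueError:
        return ("rejected", None)
    finally:
        conn.close()

if __name__ == "__main__":
    for value in ("1", "1'"):
        print(repr(value), outcome(fetch_concatenated, value),
              outcome(fetch_parameterized, value))
```

The same outcome() check can serve as a regression test after the fix: any id-style parameter that still yields "sql_error" for the quoted value is still being concatenated somewhere.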
+----------------------+
Login
+----------------------+
http://target.com/admin/
Or use Your Mind ;)
#####################################
Houssem_Rx - Houssem Ben Hmida
#####################################