Mushoq websites get SQL injection

2015.11.29

Credit: Timoumi Houcem

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:"index.php?idSeccion="

# Exploit Title: Mushoq websites get SQL injection
# Google Dork: inurl:"index.php?idSeccion="
# Vulnerable parameter : idSeccion
# Date: 29-11-2015
# Exploit Author: Timoumi Houcem
# Contact: www.facebook.com/houcem.radikali
# Version: all versions
# Tested on: kali linux OS,iceweasel browser
# EXAMPLE : http://www.briggs.com.ec/index.php?idSeccion=21
# EXPLOIT :
all websites powered by mushoq company are vulnerable to sql injection by GET method, some websites are protected by WAF, but we can bypass it and dump databases.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mushoq websites get SQL injection

Dork: inurl:"index.php?idSeccion="

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.