edendesign website SQLi

2018.05.30

Arm_Legi (CH)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title:  edendesign website SQLi
# dork : intext:"Website by Eden Design"
# Exploit Author: Arm_Legi (Anonplus) 
# Website: http://anonplus.tk/ 
# Date: 29 May 2018 
# Vendor : https://www.edendesign.it/
# Version : Last Version 
# CVE:N/A 
Technical Details & Description: 
 ===================================================================================================================== 
 A remote sql-injection web vulnerability has been discovered in a web app of https://www.edendesign.it/ 
 The vulnerability allows remote attackers to inject own malicious sql commands to compromise the connected web-server or dbms. 
 ===================================================================================================================== 
 Request Method(s): 
 [+] GET 
 
 Vulnerable File(s):
 [+]index.php
 [+]page.php
 [+]contatti.php
 [+]contact.php
 [+]home.php
 [+] Probably others
 Vulnerable Parameter(s): 
 [+]lang_id
 [+]pag_id
 =====================================================================================================================
 Demo:
 http://www.miniartextil.it/detail.php?ev_id=93%27
 https://comosuitehome.com/index.php?lang_id=2%27
 http://www.roll-star.ch/contatti.php?lang_id=1%27
 http://www.villacarlotta.it/page.php?pag_id=13&sez_id=14&lang_id=2 <---(Sqli in 2 params, pag_id and lang_id)
 http://www.cirrh.org/home.php?lang_id=1

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

edendesign website SQLi

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

edendesign website SQLi

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.