ellistonSPORT Remote SQL Injection Vulnerability
2012-01-03 00:15:05
Software : ellistonSPORT
Date : 4/1/2012
Vendor : http://ellistonsport.com/
Get App. : http://ellistonsport.com/pricing.php
Price : $59.99
Dork : inurl:"/showPlayer.php?id=" intext:"powered by ellistonSPORT"
Author : ITTIHACK
Home : http://ittihack.com
Vulnerable file : showPlayer.php | showPage.php | showNews.php
Exploit : http://site/[path]/showPlayer.php?id=[SQLi]
          http://site/[path]/showPage.php?id=[SQLi]
          http://site/[path]/showNews.php?id=[SQLi]
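Added example (not part of the original advisory and not vendor code): a web-server log check for the three scripts listed above that flags requests whose id parameter is not a plain integer. The numeric-id rule, the Common Log Format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory; the injectable parameter is "id".
VULNERABLE_SCRIPTS = {"showplayer.php", "showpage.php", "shownews.php"}
# Assumption: a legitimate id is a short run of decimal digits.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Assumption: Common/Combined Log Format; only the quoted request line is parsed.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_id(log_line):
    """Return the decoded id value if the request targets one of the listed
    scripts with a non-numeric id, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in VULNERABLE_SCRIPTS:
        return None
    # parse_qs percent-decodes values; keep_blank_values so "id=" is seen too.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("id", []):
        if not VALID_ID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_id) for every flagged line."""
    hits = ((n, suspicious_id(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v is not None]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jan/2012:00:20:01 +0000] "GET /club/showPlayer.php?id=14 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [03/Jan/2012:00:21:09 +0000] "GET /club/showPlayer.php?id=14%27 HTTP/1.1" 500 310',
    '192.0.2.77 - - [03/Jan/2012:00:21:15 +0000] "GET /club/showNews.php?id=3%20or%201%3D1 HTTP/1.1" 200 9044',
    '192.0.2.10 - - [03/Jan/2012:00:22:40 +0000] "GET /club/index.php?id=x HTTP/1.1" 200 2048',
    '192.0.2.31 - - [03/Jan/2012:00:23:02 +0000] "GET /club/showPage.php?id=2&id=abc HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious id={value!r}")
```

The same integer-only rule can be enforced in front of the application (web server or WAF) while no vendor fix is available.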
Fixes
No fixes