Prime RADIO SQL Injection

2012-09-02T00:00:00
ID PACKETSTORM:116184
Type packetstorm
Reporter Prince
Modified 2012-09-02T00:00:00

Description

                                        
`# Exploit Title: Prime RADIO SQLi Vulnerability  
# Date: 09/02/2012  
# Author: Persia Security Group - (Prince & mafia1990)  
# Vendor Homepage: http://www.primeradio.com.au/  
# Version: All Versions  
# Google Dork: intext:prime radio site:.au  
# Tested on: CentOS 5.7,Ubuntu,Debian  
==========================================================================================  
Vulnerability Details  
==========================================================================================  
  
/*********/  
intext:prime radio site:.au  
/*********/  
This website, published for radio stations,  
has an SQLi vulnerability in param[ID] && ==> .!..  
  
Technology: PHP & MySQL  
  
Example:  
  
http://www.site.com/feature.php?Title=.!..&ID=175[SQLi]  
http://www.site.com/feature.php?ID=XX[SQLi]  
  
Demo:  
http://www.radiozinc.com.au/mackay/feature.php?ID=10  
  
http://www.radiozinc.com.au/mackay/feature.php?Title=Busby%20Marou%20Mini%20Concert!&ID=175  
==========================================================================================  
`
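
For operators of the affected application, one way to triage access logs for probing of the `ID` parameter of `feature.php` is sketched below. This is an added example, not part of the original advisory: the Apache-style log format, the sample lines, and the names `check_request` and `scan` are assumptions constructed for illustration. It treats any `ID` that is not a plain decimal integer, or that is supplied more than once, as worth reviewing, while leaving legitimate `Title` values with spaces and punctuation alone.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache access-log style (not taken from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Sep/2012:10:00:01 +1000] "GET /feature.php?ID=10 HTTP/1.1" 200 5120
192.0.2.10 - - [02/Sep/2012:10:00:05 +1000] "GET /feature.php?Title=Busby%20Marou%20Mini%20Concert!&ID=175 HTTP/1.1" 200 6033
198.51.100.7 - - [02/Sep/2012:10:02:11 +1000] "GET /feature.php?ID=175%27 HTTP/1.1" 500 312
198.51.100.7 - - [02/Sep/2012:10:02:14 +1000] "GET /feature.php?Title=x&ID=10%20AND%201%3D1 HTTP/1.1" 200 5120
198.51.100.7 - - [02/Sep/2012:10:02:20 +1000] "GET /feature.php?ID=10&ID=11 HTTP/1.1" 200 5120
192.0.2.44 - - [02/Sep/2012:10:03:00 +1000] "GET /index.php?ID=abc HTTP/1.1" 200 900
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
STRICT_INT = re.compile(r"[0-9]{1,10}")  # the only shape a record ID should have

def check_request(target):
    """Return (reason, decoded_value) for a suspect feature.php request, else None."""
    url = urlsplit(target)
    if not url.path.lower().endswith("/feature.php"):
        return None  # only the script named in the advisory is in scope
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    ids = params.get("ID", [])
    if len(ids) > 1:
        return ("duplicate ID parameter", ",".join(ids))
    if len(ids) == 1 and not STRICT_INT.fullmatch(ids[0]):
        return ("non-integer ID", ids[0])
    return None

def scan(log_text):
    """Return a list of (client, status, reason, value) for suspect log lines."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m:
            client, target, status = m.groups()
            hit = check_request(target)
            if hit:
                findings.append((client, int(status), hit[0], hit[1]))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same strict-integer rule, enforced in the application before the value reaches a parameterized query, is the corresponding fix on the server side.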