ellistonSPORT Remote SQL Injection Vulnerability

2012.01.04

Credit: ITTIHACK

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

ellistonSPORT Remote SQL Injection Vulnerability
Software : ellistonSPORT
Date : 4/1/2012
Vendor : http://ellistonsport.com/
Get App. : http://ellistonsport.com/pricing.php
Price : $59.99
Dork : inurl:"/showPlayer.php?id=" intext:"powered by ellistonSPORT"
Author : ITTIHACK
Home : http://ittihack.com
Vulnerable file : showPlayer.php | showPage.php | showNews.php
Exploit : http://site/[path]/showPlayer.php?id=[SQLi]
http://site/[path]/showPage.php?id=[SQLi]
http://site/[path]/showNews.php?id=[SQLi]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ellistonSPORT Remote SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.