Full Site for Restaurant SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Full Site for Restaurant SQL Injection Vulnerability
# Published : 2010-06-11
# Author : L0rd CrusAd3r
# Previous Title : DaLogin Multiple Vulnerabilities
# Next Title : ardeaCore 2.2 Remote File Inclusion Vulnerability

Vendor url:http://www.mformula.com.br/
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW & AH members.
Spl Greetz to:inj3ct0r.com Team

#####################################################################################################################################################################################################

Description:

* Full Site for Restaurant SQL Injection Vulnerability *

Internal system for total administration of the site, Available site in the
languages Portuguese, Espa?ol, English, Japanese, French, Italian and
German, Unlimited Extra Pages and Sub Pages, Menu OnLine, Unlimited Gallery
of Photos Code: PHP 5.0
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://server/?lang=[sqli]

http://server/extrapage.php?cat_id=[sqli]

# 0day n0 m0re #

-- 
With R3gards,
L0rd CrusAd3r