==============================================================================


  [o] ellistonSPORT Multiple SQL Injection Vulnerabilities

       Software : ellistonSPORT
       Vendor   : http://ellistonsport.com/
       Demo     : http://demo.ellistonsport.com/index.php
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com/


==============================================================================


  [o] Description
       ellistonSPORT is a leading online service providing
       professionally designed, easy to update websites for sports clubs and
       teams around the world.



  [o] Vulnerable file

       showPlayer.php
       showPage.php
       showNews.php



  [o] Exploit

       http://localhost/[path]/showPlayer.php?id=[SQL]
       http://localhost/[path]/showPage.php?id=[SQL]
       http://localhost/[path]/showNews.php?id=[SQL]
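
       For log review on an affected install, the added example below (not
       part of the original advisory) flags requests to the three scripts
       whose id value is not a plain integer. It assumes that id is meant to
       be a numeric record identifier and that the server writes
       common/combined-format access logs; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The three scripts named in the advisory; all take the `id` parameter.
AFFECTED = {"showplayer.php", "showpage.php", "shownews.php"}

# Request part of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_id(line):
    """Return (script, raw_id) if the line hits an affected script with an
    `id` that is not a plain decimal integer, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED:
        return None
    # parse_qs URL-decodes values; keep_blank_values so an empty `id=` is seen.
    values = parse_qs(url.query, keep_blank_values=True).get("id", [])
    for value in values:
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return (script, value)
    # Repeated `id` parameters are unusual enough to report as well.
    if len(values) > 1:
        return (script, "&".join(values))
    return None

def scan(lines):
    """Return every (script, raw_id) hit found in an iterable of log lines."""
    return [hit for hit in map(suspicious_id, lines) if hit]

# Constructed sample lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /club/showPlayer.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /club/showPlayer.php?id=12%27 HTTP/1.1" 200 310',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /club/showNews.php?id=abc HTTP/1.1" 200 9001',
    '192.0.2.10 - - [01/Jan/2010:10:01:00 +0000] "GET /club/index.php?id=x HTTP/1.1" 200 700',
    '192.0.2.44 - - [01/Jan/2010:10:01:30 +0000] "GET /club/showPage.php?id=4&id=5 HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for script, raw in scan(SAMPLE_LOG):
        print(f"{script}: unexpected id {raw!r}")
```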



  [o] Dork

       "Powered by ellistonSPORT"


==============================================================================


  [o] Greetz

       Anti Security [ http://antisecurity.org ]
       Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe
       H312Y yooogy mousekill }^-^{ martfella noname s4va
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


  [o] Notes

       Vendor has been contacted and this bug is fixed


==============================================================================