Minmax suffers from a remote SQL injection vulnerability.
# Exploit Title: minmax SQL INJECTION Vulnerabilities
# Date: 14/09/2011
# Author: nGa Sa Lu [ N-S-L ]
# Service Link: http://minmax.biz
# Tested on: Vista
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Google Dork: intext:"Design by MINMAX."
# www.site.com/productsinfo.php?ID=[SQL]
# SQL Error Statement
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' Order by UpdateTime Desc' at line 5
# Demo:
http://minmax.biz/webShow.php?type=[SQL]
http://www.mightyjaw.com/productsinfo.php?KindID=2&ID=[SQL]
http://www.purefishing.com.tw/productsinfo.php?BrandID=5&TypeID=2&CateID=3&ID=[SQL]
1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0
0xxxxx(Greetz t0 all M1RT crew, Shadow008 and hackall [dot] net members), alb0r44q [dot] com xxxxxxxxxxxxxxxxxx1
1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0
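
A sketch of the fix for the numeric `ID` parameter and the leaked MySQL error shown above. It is an added example, not code from the advisory or from the vendor. The `products` table, the `Name` column and the function names are hypothetical (only `UpdateTime` comes from the quoted error), and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and constructed sample row for the demonstration.
function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Throw on SQL errors so they can be caught and logged server-side.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (ID INTEGER, Name TEXT, UpdateTime TEXT)');
    $db->exec("INSERT INTO products VALUES (7, 'Sample reel', '2011-09-01')");
    return $db;
}

// Returns matching rows, or null when the ID is not a positive integer.
function fetchProduct(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any SQL is built
    }
    // The value is bound, never concatenated, so it cannot alter the statement.
    $stmt = $db->prepare(
        'SELECT ID, Name, UpdateTime FROM products WHERE ID = :id ORDER BY UpdateTime DESC'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Request handler: database errors go to the server log, never into the page.
function handleRequest(PDO $db, array $query): array
{
    $raw = $query['ID'] ?? '';
    if (!is_string($raw)) {
        return [400, 'Invalid product ID']; // e.g. ID sent as an array
    }
    try {
        $rows = fetchProduct($db, $raw);
    } catch (PDOException $e) {
        error_log('productsinfo query failed: ' . $e->getMessage());
        return [500, 'Internal error'];
    }
    if ($rows === null) {
        return [400, 'Invalid product ID'];
    }
    return $rows ? [200, $rows[0]['Name']] : [404, 'Not found'];
}

$db = openDemoDb();
foreach (['7', "7'", '99'] as $id) { // constructed inputs
    [$status, $body] = handleRequest($db, ['ID' => $id]);
    echo 'ID=' . var_export($id, true) . " -> $status $body\n";
}
```

In production, `display_errors` should also be off so that no driver message reaches the response even on an unhandled failure.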