# Exploit Title: Attraction Website Design Sql Injection Vulnerability
# Date: 30/10/2011 - 22:45
# Author: 3spi0n
# Software Website: http://www.attractweb.com/index.php
# Tested On: BackTrack 5 - Win7 Ultimate
# Platform: Php

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[$] Vulnerable File: Event.php and other .php files.

[$] Dorks: "Site by Attraction Website Design"

[$] Demo Sites:

[~] http://www.runningmyraces.com/event.php?id=1870" [PhpSQLi]
[~] http://www.livingthegoodnews.runningmyraces.com/event.php?id=3344"
[PhpSQLi]

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

# We attempted to work, you can not imagine.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

# Contact: Http://3spi0n.Net/

# Greetz: Http://DarkDevilz.in/

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Mr.PaPaRoSSe  Black_Umo  ALEXTRAX  Brs_BaRoN  ZyX   x-Leader
Legend Coder  DARKCOD3R  Santiq0   53rh4t     PerS  ExDeaTH

[And DD'z Family]

[DarkDevilz - Defence And Destruction Group'z - TURKEY]

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>