# Exploit Title: Prime RADIO SQLi Vulnerability # Date: 09/02/2012 # Author: Persia Security Group - (Prince & mafia1990) # Vendor Homepage: http://www.primeradio.com.au/ # Version: All Version # Google Dork: intext:prime radio site:.au # Tested on: CentOS 5.7,Ubuntu,Debian ========================================================================================== Vulnerability Details ========================================================================================== /*********/ intext:prime radio site:.au /*********/ This website published for Radio Station have SQLi vulnerability in param[ID] && ==> .!.. Technology: PHP & Mysql Example: http://www.site.com/feature.php?Title=.!..&ID=175[SQLi] http://www.site.com/feature.php?ID=XX[SQLi] Demo: http://www.radiozinc.com.au/mackay/feature.php?ID=10 http://www.radiozinc.com.au/mackay/feature.php?Title=Busby%20Marou%20Mini%20Concert!&ID=175 ==========================================================================================