ellistonSPORT suffers from multiple remote SQL injection vulnerabilities.
13e1b8534d82676f67d1d881b82b25b503fb59f7f4619cdbde6e376ac03126e5
==============================================================================
[o] ellistonSPORT Multiple SQL Injection Vulnerability
Software : ellistonSPORT
Vendor : http://ellistonsport.com/
Demo : http://demo.ellistonsport.com/index.php
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
==============================================================================
[o] Description
ellistonSPORT is a leading online service providing
professionally designed, easy to update websites for sports clubs and
teams around the world.
[o] Vulnerable file
showPlayer.php
showPage.php
showNews.php
[o] Exploit
http://localhost/[path]/showPlayer.php?id=[SQL]
http://localhost/[path]/showPage.php?id=[SQL]
http://localhost/[path]/showNews.php?id=[SQL]
[o] Dork
"Powered by ellistonSPORT"
==============================================================================
[o] Greetz
Anti Security [ http://antisecurity.org ]
Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe
H312Y yooogy mousekill }^-^{ martfella noname s4va
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
[o] Notes
Vendor hess been contacted and ths bug is fixed
==============================================================================