Prime Radio suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
4bfff529bfb8d270ef11b2daef30ef5847219c23f5b93d6927ed06f22f5e91bb
# Exploit Title: Prime RADIO SQLi Vulnerability
# Date: 09/02/2012
# Author: Persia Security Group - (Prince & mafia1990)
# Vendor Homepage: http://www.primeradio.com.au/
# Version: All Versions
# Google Dork: intext:prime radio site:.au
# Tested on: CentOS 5.7, Ubuntu, Debian
==========================================================================================
Vulnerability Details
==========================================================================================
/*********/
intext:prime radio site:.au
/*********/
This website, published for a radio station,
has an SQLi vulnerability in param[ID] && ==> .!..
Technology: PHP & MySQL
Example:
http://www.site.com/feature.php?Title=.!..&ID=175[SQLi]
http://www.site.com/feature.php?ID=XX[SQLi]
Demo:
http://www.radiozinc.com.au/mackay/feature.php?ID=10
http://www.radiozinc.com.au/mackay/feature.php?Title=Busby%20Marou%20Mini%20Concert!&ID=175
==========================================================================================
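
For site operators, a detection sketch added here (not part of the original advisory): it scans web access logs for requests to `feature.php` whose `ID` parameter is not a plain integer, which is the form both example URLs above use. The combined log format, the sample lines, the 10-digit limit and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [09/Feb/2012:10:00:01 +0000] "GET /feature.php?ID=175 HTTP/1.1" 200 5120
192.0.2.10 - - [09/Feb/2012:10:00:05 +0000] "GET /mackay/feature.php?Title=Some%20Show&ID=175 HTTP/1.1" 200 5300
198.51.100.7 - - [09/Feb/2012:10:01:12 +0000] "GET /feature.php?ID=175%27 HTTP/1.1" 500 312
198.51.100.7 - - [09/Feb/2012:10:01:15 +0000] "GET /feature.php?Title=x&ID=175%22%29 HTTP/1.1" 200 5300
198.51.100.7 - - [09/Feb/2012:10:01:20 +0000] "GET /feature.php?ID=10&ID=11 HTTP/1.1" 200 5300
192.0.2.44 - - [09/Feb/2012:10:02:00 +0000] "GET /index.php?ID=abc HTTP/1.1" 200 900
"""

# client address, request target and status code from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
NUMERIC_ID = re.compile(r"[0-9]{1,10}")  # assumed upper bound on ID length


def check_request(target):
    """Return a reason string if the request target looks suspicious, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/feature.php"):
        return None  # only the page named in the advisory is inspected
    # parse_qs URL-decodes values, so %27 and + are seen as ' and space
    ids = parse_qs(parts.query, keep_blank_values=True).get("ID", [])
    if not ids:
        return None
    if len(ids) > 1:
        return "ID supplied more than once"
    if not NUMERIC_ID.fullmatch(ids[0]):
        return "non-numeric ID value %r" % ids[0]
    return None


def scan(log_text):
    """Return (client, target, status, reason) for every flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, status = m.groups()
        reason = check_request(target)
        if reason:
            findings.append((client, target, int(status), reason))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer check applied server-side before the value reaches the query, together with a bound parameter, removes the injection point rather than only reporting probes against it.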