Sites designed by Pop Creative Ltd suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data. The authors of the software have contacted Packet Storm on 02/04/2013 and have noted that the issue has been resolved.
f47a18fe11f1b72f5688c9b9c27a71d2f06d1861541f7bede6efec8206499579
=================================================
# [~] Exploit Title: Pop Creative Ltd SQL Injection
Bug
# [~] Google Dork : intext:Website Designed, Developed and maintained by
Pop Creative Ltd
inurl:event.php?id=
# [~] Exploit
Author:FarbodEZRaeL
# [~] Version: ALL
Versions
# [~] Tested on:XP
# [~] Support WebSite :www.popcreative.co.uk
=================================================
# [+] SQL Exploit
:
# http://WebSite.Com/[path]/event.php?id=[SQLi]
# [+] Demo
:
# http://www.llangollen-railway.co.uk/event.php?id=127
=================================================
# Tnx to
# Mr.XpR -UnknowN - Syamak Black - Samim.s
# Love War - IRIST All iranian Hackerz
================================================
# HomePage:www.Iranhack.org
================================================