ScriptCase SQL Injection

2013-06-10T00:00:00
ID PACKETSTORM:121950
Type packetstorm
Reporter Hossein Hezami
Modified 2013-06-10T00:00:00

Description

                                        
`#----------------------------------------------------------------------#  
# >> Dr.3v1l #  
# >> 0WebSecurity.IR #  
# [+] E-Mail : B.Devils.B@gmail.com #  
# [+] Y! : Teacher_3v1l #  
# I'm 3v1l member from Black_Devils B0ys Team #  
#----------------------------------------------------------------------#  
# [~] Exploit Title : ScriptCase SQL Injection Vulnerability #  
# [~] Date : 2013 #  
# [~] Author : Hossein Hezami ( Dr.3v1l ) #  
# [~] Software : http://www.scriptcase.net #  
# [~] Version : ALL Versions #  
# [~] E-Mail : Teacher_3v1l@yahoo.com , B.Devils.B@gmail.com #  
# [~] Site : 0WebSecurity.ir #  
# [~] Tested on : Windows XP , Windows 7 , Windows 8 #  
# [~] Google Dork : inurl:"/scelta_categoria.php?categoria=" #  
#======================================================================#  
# [+] SQL I Exploit : #  
# #  
# [Target]/[path]/scelta_categoria.php?categoria=[SQLi] #  
# #  
#----------------------------------------------------------------------#  
# [+] Demo : #  
# #  
# http://www.grossetoannunci.it/scelta_categoria.php?categoria=14 #  
# http://www.livorno-annunci.com/scelta_categoria.php?categoria=14 #  
# #  
#----------------------------------------------------------------------#  
# [+] Note : #  
# #  
# This is a simple SQL injection ;) #  
# #  
#----------------------------------------------------------------------#  
# #  
# [+] Contact Me : #  
# #  
# Teacher_3v1l@yahoo.com #  
# Black_Devils.B0ys@yahoo.com #  
# Teacher.3v1l@live.com #  
# B.Devils.B@gmail.com #  
# Twitter.com/Doctor_3v1l #  
# IR.LinkedIN.com/IN/Hossein3v1l #  
# #  
#======================================================================#  
`
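
A defensive check for the parameter named in the advisory, added here as an example (it is not part of the original advisory or of ScriptCase): it scans web-server access logs for requests to `scelta_categoria.php` whose `categoria` value is not a plain integer. The combined log format, the digits-only rule for a valid category id (the demo URLs use `14`) and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
ENDPOINT = "scelta_categoria.php"
PARAM = "categoria"
# Assumption: a legitimate category id is a short run of ASCII digits.
VALID_ID = re.compile(r"[0-9]{1,9}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_values(log_line):
    """Return the categoria values in one log line that are not plain integers."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # The script may sit under any directory ([path] in the advisory).
    if not url.path.endswith("/" + ENDPOINT):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters as a list,
    # so an encoded or duplicated parameter cannot hide from the check.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not VALID_ID.fullmatch(v)]


def scan(lines):
    """Yield (line_number, bad_values) for every log line worth reviewing."""
    for n, line in enumerate(lines, 1):
        bad = suspicious_values(line)
        if bad:
            yield n, bad


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [10/Jun/2013:10:00:01 +0000] "GET /scelta_categoria.php?categoria=14 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Jun/2013:10:02:17 +0000] "GET /shop/scelta_categoria.php?categoria=14%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [10/Jun/2013:10:02:19 +0000] "GET /scelta_categoria.php?categoria=3&categoria=x%20y HTTP/1.1" 200 5090',
    '192.0.2.10 - - [10/Jun/2013:10:03:00 +0000] "GET /index.php?categoria=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE):
        print(f"line {n}: non-numeric {PARAM} value(s): {bad}")
```

The same digits-only rule, enforced in the application before the value reaches a query and combined with a parameterized statement, is the corresponding fix on the server side.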