Free Advertisment cms (user_info.php) SQL Injection Vulnerability

2010-05-11T00:00:00
ID 1337DAY-ID-12196
Type zdt
Reporter XroGuE
Modified 2010-05-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================================================
Free Advertisment cms (user_info.php) SQL Injection Vulnerability
=================================================================

##########################################
# Name: Free Advertisment cms (user_info.php) SQL Injection Vulnerability
# Date: 2010-05-11
# vendor: http://www.laserayaneh.com
# Author: Ashiyane Digital Security Team
# Thanks to: khodam :P, Satanic2000,Veron, ... And All Ashiyane Members ...
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork: " inurl: user_info.php?user_id= "  Or  " inurl: index.php?catid= "


[+] Vulnerability:

                    www.site.com/[path]/user_info.php?user_id=[SQLi]
                    www.site.com/[path]/index.php?catid=[SQLi]

[+] Live Demo:

                   http://www.tanit.ir/user_info.php?user_id=[SQLi]
                   http://www.rahnema.com/index.php?catid=[SQLi]

##########################################



#  0day.today [2018-01-09]  #