Droosy 1,0 (cats) Remote SQL Injection

Vulnerability ID 1052007 Vulnerability Type
Published 2009-04-26 Updated 2009-04-26
Platform N/A CVSS Score N/A
# Name Of Script : Droosy Version 1,0
# Company Site : http://www.emides.com/our_scripts.emi?id=14

# Demo : http://ad.ae/droosy/
# Found By : RoMaNcYxHaCkEr

# Contact With Me : rxh0@hotmail.com
# My Group : Security - Codes
# My Homepage : WwW.Sec-Code.CoM
# Type Of Exploit : Remote SQL Injection By [POST Method]

# Video Explanation Of This Exploit, Download Here : http://www.mediafire.com/?zgtjzmznwd2

# Author has no responsibility over the damage you do with this! It's Just For Educational Purposes :)
# P.O.C :

The Vulnerability Is In The Cat Variable Of The Main Index, But The Script Is Only A Demo, So We Tried To Work Out The Variables Of Some Files, And Mod_Rewrite Makes Them Hard To Identify ...

The Problem, As You Can See In The Video, Is In The Cats Variable, Not In The Search Box ....

Here The Result Of Search :


Copy And Post This Variable If You Have A Specific Tool For The POST Method, Like The One In The Video, If You Saw It :) :


So We See The Error :

يبدو أن هنالك خطأ في قاعدة البيانات
الخطأ هو : تم تنفيذ عبارة SQL خاطئة
قاعدة البيانات قامت بإرجاع المعلومات التالية عن الخطأ :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
رقم الخطأ الذي أعادته قاعدة البيانات: 1064

So Let's Apply This


And See The Name Of Database :


So Continue Your Work ... :)

# Solution :

Contact Me And I Will Filter This Fucking Uses :)
# rXh
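
The flaw described above, shown next to a corrected handler for the POSTed cats value. This is an added example, not part of the original advisory and not the vendor's code. The table layout, function names and the use of Python with sqlite3 in place of the script's MySQL backend are assumptions made so the example runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lessons (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)")
    db.executemany("INSERT INTO lessons (cat, title) VALUES (?, ?)",
                   [(1, "Lesson A"), (1, "Lesson B"), (2, "Lesson C")])
    return db

def search_vulnerable(db, cats):
    # 'Before': the POSTed value is concatenated into the statement and the
    # raw database error is echoed to the client, as in the advisory.
    sql = "SELECT title FROM lessons WHERE cat = '" + cats + "' ORDER BY id"
    try:
        return 200, [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return 500, "Database error: %s" % exc

def search_hardened(db, cats, log):
    # 1. Allowlist: a category id is a short run of ASCII digits, nothing else.
    if not (cats.isascii() and cats.isdigit() and len(cats) <= 9):
        log.append("rejected cats=%r" % cats[:64])
        return 400, "Invalid category"
    try:
        # 2. Bound parameter: the value never becomes part of the SQL text.
        rows = db.execute("SELECT title FROM lessons WHERE cat = ? ORDER BY id",
                          (int(cats),))
        return 200, [row[0] for row in rows]
    except sqlite3.Error as exc:
        # 3. Error detail stays in the server log; the client sees a generic message.
        log.append("db error: %s" % exc)
        return 500, "Internal error"

if __name__ == "__main__":
    db, log = make_db(), []
    for value in ("1", "'"):
        print(repr(value), search_vulnerable(db, value), search_hardened(db, value, log))
    print(log)
```

Rejected values recorded in the log are also a useful detection signal for probing of this parameter.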