SQL Injection in DCI-Taskeen

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SQL Injection in DCI-Taskeen
From: xx_hack_xx_2004@xxxxxxxxxxx
Date: 25 Feb 2006 19:45:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello
Vulnerable: DCI-Taskeen  v1.03

http://www.dci-designs.com
 

Exploit :
http://example.com/basket.php?action=addex&id=[SQL]

http://example.com/basket.php?action=[SQL]

http://example.com/basket.php?action=addr&id=[SQL]

http://example.com/cat.php?do=cat&page=1&id=[SQL]


http://example/cat.php?do=cat&page=[SQL]

Discovery by Linux_Drox

http://www.lezr.com

Best Regards

Prev by Date: PwsPHP Injection SQL on Index.php
Next by Date: Re: Amazon phishing scam on Yahoo servers
Previous by thread: Re: PwsPHP Injection SQL on Index.php
Next by thread: announcement: reporting and mitigating botnets
Index(es):
- Date
- Thread