Eshop Manager – Multiple SQL Injections

Exploit Database
16 阅读

作者： Number 7

日期： 2011-06-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35874/

source: https://www.securityfocus.com/bid/48391/info

Eshop Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 

http://www.example.com/path/catalogue.php?id_shop=7[SQLI]
http://www.example.com/path/article.php?id_article=7[SQLI]
http://www.example.com/path/banniere.php?id_article=7[SQLI]
http://www.example.com/path/detail_news.php?id_article=7[SQLI]
http://www.example.com/path/detail_produit.php?id_shop=3&ref=200308G[SQLI]

last Exploits
Eshop Manager – Multiple SQL Injections的更多信息

WordPress Plugin video-synchro-pdf 1.7.4 – Local File Inclusion：
Interscan Web Security Virtual Appliance 5.0 – Arbitrary File Download：
Alt-N MDaemon 12.5.6/13.0.3 – Email Body HTML/JS Injection：
Class Scheduling System 1.0 – Multiple Stored XSS：
FCKEditor Core – ‘FileManager test.html’ Arbitrary File Upload (1)：
WordPress Plugin Paid Downloads 2.01 – SQL Injection：
WordPress Plugin Site Editor 1.1.1 – Local File Inclusion：
Student Study Center Management System v1.0 – Stored Cross-Site Scripting (XSS)：