header-logo
Suggest Exploit
vendor:
iBoutique.MALL
by:
Sid3^effects aKa HaRi
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: iBoutique.MALL
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Netartmedia iBoutique.MALL SQLi Vulnerability

iBoutique.MALL is a powerful and flexible multi merchants php mall solution. It makes possible for the merchants to signup and create their online stores with ease. They could start selling their good within minutes without having any html knowledge. iBoutique.MALL offers a lot of useful functionalities for both merchants (to manage their product inventory and payments, invoice generation, statistics, ...) and administrators, to control the whole system. The exploit is demonstrated by a URL http://server/path/index.php?mod=products&cat=[sqli]

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

Name : Netartmedia iBoutique.MALL SQLi Vulnerability
Date : june, 28 2010
Critical Level     : HIGH
Vendor Url : http://www.netartmedia.net/mall/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
iBoutique.MALL is a powerful and flexible multi merchants php mall solution. It makes possible for the merchants to signup and create their

online stores with ease. They could start selling their good within minutes without having any html knowledge. iBoutique.MALL offers a lot of

useful functionalities for both merchants (to manage their product inventory and payments, invoice generation, statistics, ...) and

administrators, to control the whole system
###############################################################################################################

Xploit: SQLi VUlnerability

 
DEMO URL : http://server/path/index.php?mod=products&cat=[sqli]

###############################################################################################################
# 0day no more
# Sid3^effects

Navigation

Suggest Exploit

Services By CQR