Concept E-commerce SQL Injection Vulnerability

vendor:

Concept E-commerce

by:

gendenk

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Concept E-commerce

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu 10.04

2010

Concept E-commerce SQL Injection Vulnerability

The vulnerability exists in the product_list.php and news.php files of the Concept E-commerce website. An attacker can inject malicious SQL code into the 'id' parameter of the product_list.php and news.php files, which can be used to extract sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

#######################################
# Concept E-commerce SQL Injection Vulnerability
#######################################

# Vendor   : http://www.conceptinternetltd.com/ecommerce.php
	     http://www.conceptinternetltd.com/brochure.php
# Software : ubuntu 10.04
# Date     : 31/07/2010
# by       : gendenk
# Site     : http://jatimcrew.org
# Dork intext : "Website by conceptinternetltd"

# Exploit : [site]/product_list.php?id=[SQL Injection]
# Exploit : [site]/news.php?id==[SQL Injection] 

#######################################
# Demo
# http://localhost/product_desc.php?id=979 [SQL Injection]
# Demo:
# http://localhost/news.php?id=[SQL Injection] 
#######################################

Dedicated For : Sekuritionline, Jatimcrew and Hacbox Crew 

Life is challanging, the fear of challanges, causing you for backwardness..Facing for the bright future..

#Thanks to : 

ALLAH SWT dan Nabi Muhammad SAW, BAPAK Koe dan Almarhum Ibu Koe....

Cyberlog, Cr4wl3r, Byz9991, Darkavanger, Newbie_Campuz,Unixcode,Bom2stalker, Phoenixhaxor, Xcyberx, Shamus and MAMA Sri Rahayu [ istri cyberlog ] Semoga Cepet Sembuh..