Projekt Shop (details.php) - exploit.company

vendor:

Projekt Shop

by:

DeadLy DeMon

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Projekt Shop

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP 3 and Backtrack4

2010

Projekt Shop (details.php) <<= SQL injection Vulnerability

Projekt Shop is vulnerable to SQL injection via the 'ts' and 'ilceler' parameters in the details.php and arama page respectively. An attacker can inject arbitrary SQL queries and gain access to the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize user input and use parameterized queries.

Source

Exploit-DB raw data:

+Name : Projekt Shop (details.php) <<= SQL injection Vulnerability
+Autor : DeadLy DeMon
+Date : 18.12.2010
+Script : Projekt Shop
+Download : ----
+Site : http://www.mhproducts.de/php-scripte-5/projekt-shop.html
+Price : 49,90 Euro
+Language : PHP
+Tests : Windows XP SP 3 and Backtrack4 any other OS
+Discovered by DeadLy DeMon
+ Cyber - Warrior TIM =>> www.cyber-warrior.org
+Greetz to All System-Hacker, BlackApple , F0RTYS3V3N and All KinqSqlZCrew
Members
---------------------------------------------------------------------------------------

Bize kafa tutarmış büyük hacker,
Kimlik yaşı 18 akıl yaşı 1 sen giderken biz dönüyoduk
Sen emzikle emeklerken biz exploit yazıyoduk :))

KinqSqlZCrew Akar....       Aklınıza Gideriz Aklınız Gider [ Aklı olmayanlar
alınmasın sonra karışıyor :D ]

----------------------------------------------------------------------------------------

Bug ;
target/path/details.php?ts=' [Sql Inj.]
target/path/?sayfa=arama&iller=&ilceler=[SQL INJ]

---------------------------------------------------------------------------------------