header-logo
Suggest Exploit
vendor:
ZoGo-Shop plugin
by:
NoGe
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ZoGo-Shop plugin
Affected Version From: 1.15.4
Affected Version To: 1.15.4
Patch Exists: YES
Related CWE: N/A
CPE: e107:zogo-shop
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

ZoGo-Shop e107 plugins 1.15.4 SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'product' parameter to '/e107_plugins/zogo-shop/product_details.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database, cause denial of service or compromise a vulnerable system.

Mitigation:

Update to version 1.15.5 or later.
Source

Exploit-DB raw data:

=========================================================================================


  [o] ZoGo-Shop e107 plugins 1.15.4 SQL Injection Vulnerability

       Software : ZoGo-Shop plugin version 1.15.4
       Vendor   : http://e107.org/
       Download : http://plugins.e107.org/e107_plugins/psilo/psilo.php?artifact.89
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


=========================================================================================


  [o] Vulnerable file

       e107_plugins/zogo-shop/product_details.php

        $product_ID=$_GET["product"];



  [o] Exploit

       http://localhost/[path]/e107_plugins/zogo-shop/product_details.php?product=[SQL]



  [o] Dork

       "Powered by ZoGo-Shop" or "e107_plugins/zogo-shop/product_details.php"


=========================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org/blog/]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa
       H312Y yooogy mousekill }^-^{ kaka11 martfella
       skulmatic olibekas ulga Cungkee k1tk4t str0ke

        
=========================================================================================

# milw0rm.com [2008-11-22]

Navigation

Suggest Exploit

Services By CQR