what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Webshop Hun 1.062S SQL Injection

Webshop Hun 1.062S SQL Injection
Posted Mar 4, 2015
Authored by Jing Wang

Webshop Hun version 1.062S suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 67ccd6d878de7bbf1e846e7515278f550b36ed0aa1980d7ea0f3d7089c236574

Webshop Hun 1.062S SQL Injection

Change Mirror Download
*Webshop hun v1.062S SQL Injection Security Vulnerabilities*


Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters SQL
Injection Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: Mar 04, 2015
Latest Update: Mar 04, 2015
Vulnerability Type: Improper Control of Generation of Code ('Code
Injection') [CWE-94]
CVE Reference: *
Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]







*Advisory Details:*


*(1) Vendor & Product Description:*


*Vendor:*
Webshop hun


*Product & Version:*
Webshop hun
v1.062S


*Vendor URL & Download:*
Webshop hun can be downloaded from here,
http://www.webshophun.hu/index


*Product Introduction:*
Webshop hun is an online product sell web application system.

"If our webshop you want to distribute your products, but it is too
expensive to find on the internet found solutions, select the Webshop Hun
shop program and get web store for free and total maker banner must display
at the bottom of the page 468x60 size. The download shop program, there is
no product piece limit nor any quantitative restrictions, can be used
immediately after installation video which we provide assistance.

"The Hun Shop store for a free for all. In our experience, the most dynamic
web solutions ranging from our country. If the Webshop Hun own image does
not suit you, you can also customize the look of some of the images and the
corresponding text replacement, or an extra charge we can realize your
ideas. The Webshop Hun pages search engine optimized. They made the Hun
Shop web program to meet efficiency guidelines for the search engines. The
pages are easy to read and contain no unnecessary HTML tags. Any web page
is simply a few clicks away."





*(2) Vulnerability Details:*
Webshop hun has a web application security bug problem. It can be exploited
by SQL Injection attacks.


*(2.1) *The vulnerability occurs at "index.php?" page with "&termid"
"&nyelv_id" parameters.







*References:*
http://www.tetraph.com/security/sql-injection-vulnerability/webshop-hun-v1-062s-sql-injection-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/03/webshop-hun-v1062s-sql-injection.html
http://www.inzeed.com/kaleidoscope/computer-web-security/webshop-hun-v1-062s-sql-injection-security-vulnerabilities/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/webshop-hun-v1-062s-sql-injection-security-vulnerabilities/
https://itinfotechnology.wordpress.com/2015/03/04/webshop-hun-v1-062s-sql-injection-security-vulnerabilities/
http://lists.kde.org/?a=139222176300014&r=1&w=2






--
Wang Jing,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close