Cs-Cart 2.2.1 SQL Injection

2011.09.02

Credit: Net.Edit0r

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

__________.__ __ ___ ___
\______ \ | _____ ____ | | __ / | \ ____
| | _/ | \__ \ _/ ___\| |/ / ______ / ~ \/ ___\
| | \ |__/ __ \\ \___| < /_____/ \ Y / /_/ >
|______ /____(____ /\___ >__|_ \ \___|_ /\___ /
\/ \/ \/ \/ \//_____/
.ORG
###################################################
[-] Exploit Title: Cs-Cart Ver 2.2.1 [products.php] Sql Injection Vulnerability
[-] Author: Net.Edit0r
[-] Home : Black-HG.Org
[-] Version: 2.2.1
[-] Software Link:
http://dl.p30vel.ir/CS-Cart.v2.2.1.Multi-Vendor.PHP.NULL-DGT.zip
[-] Email : Black.hat.tm[at]Gmail[dot]Com / Net.Edit0r[at]att[dot]net
[-] Date : 30/08/2011
[-] CVE : N/A
##################################################
# | Exploit :
# | http://127.0.0.1/controllers/customer/products.php?tabs_group_id=[SQL
INJECT]
##################################################
# | Greetz :
# | A.Cr0x & 3H34N & 4m!n & Cyrus & tHe.k!ll3r & Mr.XHat & Mikili
##################################################
magic_quotes_gpc :: Off
##################################################
I Love Iran And All Iranian People
##################################################

References:

http://dl.p30vel.ir/CS-Cart.v2.2.1.Multi-Vendor.PHP.NULL-DGT.zip

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Cs-Cart 2.2.1 SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.