Tiendas Online SQL Injection Vulnerability

2013.09.16
Credit: Don Tukulesto
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

=============================================================================
[Author Info]

Name      : Don Tukulesto (root@indonesiancoder.com)
Homepage  : http://indonesiancoder.com
Tested On : OS X Version 10.8.4

=================================
|         Software Info         |
=================================

[>] Category    : Web Apps
[>] Vendor      : http://tiendastore.net // mipagina.net
[>] Software    : Shopping Cart - tiendastore.net
[>] Description : Design of online stores customized Internet marketing products that allow a brand or company. The best way to sell products online, the equivalent of a physical.

=================================
Proof of Concept

[>] http://server/cat_ver_producto.php?id_catalogo_producto=[number][INFECTED]
[>] http://server/cat_lista_productos.php?id_catalogo_categoria=[number][INFECTED]

=============================================================================
Indonesian Coder // Malang Cyber Crew // Exploit-ID // Kill-9 Crew

[-] k4L0ng666 ~ YaDoY666 ~ Zen_Rooney ~ Xr0b0t ~ jos_ali ~ vYc0D
[-] V3N0M ~ Pathloader ~ Contrex ~ Arianom ~ YOU!!!

We are the watchmen, the hackers who quietly observe the scene.
Get the Codes and Feel the Soul.
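
Both parameters in the proof of concept are numeric IDs, so a request that carries anything other than digits in them is worth reviewing. The Python sketch below is an added example, not part of the original advisory or the vendor's code. It assumes combined-format access logs; the sample log lines and the function name suspicious_requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script -> parameter pairs from the advisory's proof-of-concept URLs.
NUMERIC_PARAMS = {
    "cat_ver_producto.php": "id_catalogo_producto",
    "cat_lista_productos.php": "id_catalogo_categoria",
}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Sep/2013:10:00:01 +0000] "GET /cat_ver_producto.php?id_catalogo_producto=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Sep/2013:10:00:07 +0000] "GET /cat_ver_producto.php?id_catalogo_producto=12%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [16/Sep/2013:10:00:09 +0000] "GET /tienda/cat_lista_productos.php?id_catalogo_categoria=3%20OR%201=1 HTTP/1.1" 200 9800',
    '198.51.100.2 - - [16/Sep/2013:10:01:00 +0000] "GET /index.php?q=o%27brien HTTP/1.1" 200 2048',
]


def suspicious_requests(log_lines):
    """Return (line_no, script, param, decoded_value) for each request where a
    parameter flagged in the advisory holds anything other than decimal digits."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we can parse
        url = urlsplit(match.group(1))
        # Compare on the file name so installs in a subdirectory are covered.
        script = url.path.rsplit("/", 1)[-1]
        param = NUMERIC_PARAMS.get(script)
        if param is None:
            continue  # some other script; out of scope for this advisory
        # parse_qsl percent-decodes once; a double-encoded value still fails
        # the digits-only check because the leftover '%' is not a digit.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and not re.fullmatch(r"[0-9]+", value):
                findings.append((line_no, script, param, value))
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

The same digits-only rule is what the application should enforce before the value reaches a query, together with parameterized statements.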

