Tiendas Online SQL Injection Vulnerability
=============================================================================
Last login: Sat Sep 14 01:59:02 on console
=============================================================================
[Author Info]
Name      : Don Tukulesto (root@indonesiancoder.com)
Homepage  : http://indonesiancoder.com
Tested On : OS X Version 10.8.4
=================================
|         Software Info         |
=================================
[>] Category    : Web Apps
[>] Vendor      : http://tiendastore.net // mipagina.net
[>] Software    : Shopping Cart - tiendastore.net
[>] Description : Design of online stores customized Internet marketing products that allow a brand or company. The best way to sell products online, the equivalent of a physical.
=================================
Proof of Concept
[>] http://server/cat_ver_producto.php?id_catalogo_producto=[number][INFECTED]
[>] http://server/cat_lista_productos.php?id_catalogo_categoria=[number][INFECTED]
=============================================================================
Indonesian Coder // Malang Cyber Crew // Exploit-ID // Kill-9 Crew
[-] k4L0ng666 ~ YaDoY666 ~ Zen_Rooney ~ Xr0b0t ~ jos_ali ~ vYc0D
[-] V3N0M ~ Pathloader ~ Contrex ~ Arianom ~ YOU!!!
We are the watchmen, the hackers who quietly observe the scene.
Get the Codes and Feel the Soul.
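
Added example, not part of the original advisory: a log check an operator of this cart could run to find requests where the two parameters named in the Proof of Concept carry anything other than a plain integer. The access-log format (common/combined), the 10-digit limit and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory's Proof of Concept.
WATCHED = {
    "cat_ver_producto.php": "id_catalogo_producto",
    "cat_lista_productos.php": "id_catalogo_categoria",
}

# Assumption: common/combined log format with the request line in quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,10}")  # what a catalogue id should look like


def suspicious_requests(log_lines):
    """Return (line_no, path, param, decoded_value) for every request where a
    watched parameter is present but is not a plain non-negative integer."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Match on the script name so installs in a subdirectory are covered.
        param = WATCHED.get(url.path.rsplit("/", 1)[-1])
        if param is None:
            continue
        # parse_qsl percent-decodes values, so encoded characters are seen too.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and not INTEGER_RE.fullmatch(value):
                hits.append((lineno, url.path, param, value))
    return hits


# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /cat_ver_producto.php?id_catalogo_producto=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /cat_ver_producto.php?id_catalogo_producto=12%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/cat_lista_productos.php?id_catalogo_categoria=3+abc HTTP/1.1" 200 988',
    '203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?id_catalogo_producto=x HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:20 +0000] "GET /cat_lista_productos.php?id_catalogo_categoria= HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule belongs in the application: cast or validate both ids before they reach the database layer and bind them as query parameters.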