AuctionWebScript eBay Clone SQL Injection

2013.12.10

Credit: 3spi0n

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

##################################################################################
_____ _ _ _ _____
| __ \ | | | | (_) / ____|
| |__) |_____ _____ | |_ _| |_ _ ___ _ __ | (___ ___ ___
| _ // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \ \___ \ / _ \/ __|
| | \ \ __/\ V / (_) | | |_| | |_| | (_) | | | | ____) | __/ (__
|_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___|
##################################################################################
auctionwebsitescript eBay Clone, SQLi Vulnerabilities
Product Page: http://www.auctionwebsitescript.com/ebay_clone.html
Script Demo: http://baysoop.auctionwebsitescript.com/
Author(Pentester): 3spi0n
On Web: RevolutionSec.Com - Janissaries.Org
On Social: Twitter.Com/eyyamgudeer
##################################################################################
[1] SQL Injection Vulnerabilities on Demo Site
[+] (index.php, show Param)
>>> http://baysoop.auctionwebsitescript.com/index.php?show=product&id='230

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

AuctionWebScript eBay Clone SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.