XOS Shop 1.0RC7o SQL Injection

2014.01.24
Credit: JoKeR_StEx
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################################################
# Exploit Title: XOS Shop_v1.0_rc7o Sql Injection Vulnerability
# Date: 23/01/2014
# Exploit Author: JoKeR_StEx
# Vendor Homepage: http://www.xos-shop.com/
# Software Link: http://xos-shop.com/main/index.php/cPath/25/
# Version: v1.0 rc7o
# Tested on: Windows PHP Version 6.0.0-dev
# CVE : [~]
################################################################################

[-] Description:
XOS Shop is affected by an SQL injection vulnerability. An attacker can inject MySQL into the query and exploit it (read the contents of the database).

[+] Vulnerability:
Affected file ==> redirect.php, lines 47-53
(excerpt: the remaining cases of the switch and its closing braces are not shown)

    <?
    switch($_GET['action']){
    47:   case 'url':
    48:     if (isset($_GET['goto']) && xos_not_null($_GET['goto'])) {
    49:       $check_query = xos_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_url = '" . xos_db_input($_GET['goto']) . "' limit 1");
    50:       if (xos_db_num_rows($check_query)) {
    51:         xos_redirect('http://' . $_GET['goto']);
    52:         break;
    53:       }
    ?>

[-] Exploit:
http://127.0.0.1/Xoshop/shop/redirect.php?action=url&goto='
http://127.0.0.1/Xoshop/shop/redirect.php?action=url&goto=[SQLI]

###################################################################
# Gr33ting's : Asesino04 , Shield Dz , Drr.0ryx & All My Friends
###################################################################
Email : jokerdz44@yahoo.fr
Facebook : fb.me/imadlilong.lasvegas
Twitter : @JoKeR_StEx
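The same redirect check rewritten with a prepared statement, as an added example that is not XOS Shop code: the goto value is bound as a parameter instead of being concatenated into the SQL string (the quoted code passes it through xos_db_input() but still builds the query by concatenation), and the redirect target is taken from the matching catalogue row rather than from the raw request parameter. It assumes an open mysqli connection $db, the application's TABLE_PRODUCTS_DESCRIPTION constant and its xos_redirect() helper.

```php
<?php
// Added example, not XOS Shop code. Assumptions: $db is an open mysqli
// connection, TABLE_PRODUCTS_DESCRIPTION is the application's table-name
// constant, and xos_redirect() is the application's redirect helper.

function safe_url_redirect(mysqli $db, array $get): ?string
{
    if (($get['action'] ?? '') !== 'url') {
        return null;
    }
    $goto = $get['goto'] ?? '';
    if ($goto === '') {
        return null;
    }

    // The table name cannot be bound, so the constant is still interpolated;
    // the user-supplied value is passed as a bound parameter, never as SQL text.
    $sql = 'SELECT products_url FROM ' . TABLE_PRODUCTS_DESCRIPTION
         . ' WHERE products_url = ? LIMIT 1';
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $goto);
    $stmt->execute();
    $stmt->bind_result($stored_url);
    $found = $stmt->fetch();
    $stmt->close();

    if (!$found) {
        return null; // not a known product URL: do not redirect
    }

    // Redirect to the value stored in the catalogue, not to the raw parameter,
    // so only URLs already present in the products table can be targets.
    return 'http://' . $stored_url;
}

$target = safe_url_redirect($db, $_GET);
if ($target !== null) {
    xos_redirect($target);
}
```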


Copyright 2018, cxsecurity.com