CoreCommerce SQL Injection

2012-03-23T00:00:00
ID PACKETSTORM:111131
Type packetstorm
Reporter ZeTH
Modified 2012-03-23T00:00:00

Description

`# Exploit Title : CoreCommerce SQL injection  
# Date : 22/03/2012  
# Author : ZeTH  
# Contact : zeth/at/hacktheplan8/dot/com http://www.hacktheplan8.com  
# Vendor : http://www.corecommerce.com  
# Version : 3.0  
# d0rk : intext:"Powered by Core-Commerce"  
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::  
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::  
--[1]-- Introduction  
CoreCommerce is the full-service shopping cart solution that makes it  
easy for you to sell online. Choose from over 250+ hand-crafted,  
professionally made themes for your store to get that look that's just  
right.  
  
--[2]-- Vulnerability  
File : index.php  
Attack Method : remote SQL injection  
POC : http://site/catalogue/index.php?id=SQLi  
  
--[3]-- Greetz  
MainHack Brotherhood, Kecoak Elektronik, Echo  
Paman, Vrs-hCk, OoN_BoY, em|nem, [S]hiro, Martin, xshadow, ElDiablo,  
Furkan, Pizzyroot, H312Y  
  
`
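
A defender-side check for the request named in section [2], added here as an example; it is not part of the original advisory or of CoreCommerce. It scans web access-log lines for requests to `index.php` whose `id` query parameter is not a plain integer. The integer-only rule for `id`, the combined log format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the access log uses the common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption: a legitimate catalogue id is a short unsigned ASCII integer.
VALID_ID = re.compile(r'[0-9]{1,10}')


def suspicious_id_requests(lines, script="index.php", param="id"):
    """Return (ip, timestamp, status, decoded_value) for every request to
    `script` whose `param` value is not a plain integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/" + script):
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are seen in
        # clear; keep_blank_values makes an empty "id=" show up as well.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not VALID_ID.fullmatch(value):
                hits.append((m.group("ip"), m.group("ts"),
                             int(m.group("status")), value))
    return hits


# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Mar/2012:10:01:02 +0000] "GET /catalogue/index.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [23/Mar/2012:10:01:05 +0000] "GET /catalogue/index.php?id=42%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [23/Mar/2012:10:01:09 +0000] "GET /catalogue/index.php?id=42+or+7 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Mar/2012:10:02:00 +0000] "GET /catalogue/about.php?id=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, ts, status, value in suspicious_id_requests(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} id={value!r}")
```

A non-integer `id` followed by a 5xx status from the same client is the pairing worth triaging first, since it suggests the value reached the database layer unvalidated.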