Tiendas Online SQL Injection

2013-09-16T00:00:00
ID PACKETSTORM:123241
Type packetstorm
Reporter Don Tukulesto
Modified 2013-09-16T00:00:00

Description

                                        
                                            `Tiendas Online SQL Injection Vulnerability  
=============================================================================  
Last login: Sat Sep 14 01:59:02 on console  
______ ___  
______ ___/ / / / /  
/ / /___ ____ ___/__ / / ____ ____ _______ ____ ___/ /  
: / / / \/__ \/ / / / \/ \/ \/ / \/ \/ /  
| / / / / / / / / / / / / / /__/ / /__/ / / / /  
--X-- / / / / / / / / / / / / / / / /__ / __/ / /  
|\____/__/__/\____/\____/__/__/__/\____/__/ /__/ / /\____/\____/  
: ____ \____/:  
/ \____ ____ ____ ____ ____ |  
/ / / \/ \/ \/ \/ --X--  
Don Tukulesto / / /__/ /__/ / / /__/ /__/|   
/ / / / / / / __/__ /__ / :  
/__/__/\____/\____/\____/ / / / /  
www.indonesiancoder.com\____/\____/   
  
=============================================================================  
[Author Info]  
Name : Don Tukulesto (root@indonesiancoder.com)  
Homepage : http://indonesiancoder.com  
Tested On : Os X Version 10.8.4  
  
  
=================================  
| Software Info |  
=================================  
[>] Category : Web Apps  
[>] Vendor : http://tiendastore.net // mipagina.net  
[>] Software : Shopping Cart - tiendastore.net  
[>] Description : Design of online stores customized Internet marketing products that allow a brand or company.  
The best way to sell products online, the equivalent of a physical.  
  
=================================  
Proof of Concept  
[>] http://server/cat_ver_producto.php?id_catalogo_producto=[number][INFECTED]  
[>] http://server/cat_lista_productos.php?id_catalogo_categoria=[number][INFECTED]  
  
=============================================================================  
Indonesian Coder // Malang Cyber Crew // Exploit-ID // Kill-9 Crew  
  
[-] k4L0ng666 ~ YaDoY666 ~ Zen_Rooney ~ Xr0b0t ~ jos_ali ~ vYc0D  
[-] V3N0M ~ Pathloader ~ Contrex ~ Arianom ~ YOU!!!  
  
We are the watchmen, the hackers who quietly observe the scene.  
Get the Codes and Feel the Soul.  
`