Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormRoAd_KiLlErPACKETSTORM:94348
HistorySep 29, 2010 - 12:00 a.m.

BPJewelry Store SQL Injection

2010-09-2900:00:00
RoAd_KiLlEr
packetstormsecurity.com
32
JSON
`-----------------------------------------------------------------------------------------  
BPJewelry Store SQL-i Vulnerability  
-----------------------------------------------------------------------------------------  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################### 1  
0 I'm **RoAd_KiLlEr** member from Inj3ct0r Team 1  
1 ########################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
[+]Title BPJewelry Store SQL-i Vulnerability  
[+]Author **RoAd_KiLlEr**  
[+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws  
[+]Tested on Win Xp Sp 3  
---------------------------------------------------------------------------  
[~] Founded by **RoAd_KiLlEr**  
[~] Team: Albanian Hacking Crew  
[~] Home: http://inj3ct0r.com/author/2447   
[~] Version: 1.0  
[~] License: GNU GPL  
[~] Price: $39.50 <== L0lz  
[~] Vendor: http://bpowerhouse.info/jewelry-site-script.htm  
==========ExPl0iT3d by **RoAd_KiLlEr**==========  
  
[+]Description:  
BPJewelry is a script for building an online multi language jewelry store where customers can choose a category and purchase products online. Customers can add items to shopping cart and view cart content. Payments are done by paypal, other payment gateways can be integrated. Site administrator can view and manage products and orders.  
=========================================  
  
[+] Dork: inurl:"No Script Kiddies Allowed Heree"  
  
==========================================  
  
  
[+]. SQL-i Vulnerability  
=+=+=+=+=+=+=+=+=+  
  
[Exploit]: http://127.0.0.1/bpjewelry/index.php?page=menu&cid=[SQL Injection]   
  
  
  
  
[Live DemO]: http://www.bpowerhouse.com/demos/bpjewelry/index.php?page=menu&cid=[SQL Injection]  
  
  
  
===========================================================================================  
[!] Albanian Hacking Crew   
===========================================================================================  
[!] **RoAd_KiLlEr**   
===========================================================================================  
[!] MaiL: sukihack[at]gmail[dot]com  
===========================================================================================  
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | The|DennY` | EaglE EyE | THE_1NV1S1BL3 & All Albanian/Kosova Hackers   
===========================================================================================  
[!] Spec Th4nks: r0073r | indoushka | Sid3^effects| L0rd CruSad3r | SONIC | MaFFiTeRRoR | All Inj3ct0r.com Members | And All My Friendz  
===========================================================================================  
[!] Red n'black i dress eagle on my chest  
It's good to be an ALBANIAN  
Keep my head up high for that flag I die  
Im proud to be an ALBANIAN  
===========================================================================================  
`
JSON