zdt PhiA 1337DAY-ID-18743
Jun 20, 2012 - 12:00 a.m.

ECShop => SQL Injection Vulnerability

2012-06-20 00:00:00
phiA
0day.today

Exploit for php platform in category web applications

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0      _                   __           __       __                      1
 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
 1                   \ \____/ >> Exploit database separated by exploit    0
 0                    \/___/          type (local, remote, DoS, etc.)     1
 1                                                                        1
 0   [x] Official Website: http://www.1337day.com                         0
 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
 0                                                                        0
 1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              1
 0                   I'm phiA Member From Inj3ct0r TEAM                   1
 1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1

- Use it at your risk,,,
- Made In Indonesia 


-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-


# Exploit Title: ECShop => SQL Injection Vulnerability
# Date: June 20, 2012
# Author: phiA


-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-


# E-mail : [email protected]
# Category: [webapps] 0day
# Vendor : www.ecshop.com

# Version : 2.7.2


-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-


# Google dork: inurl:mobile/goods.php?id= intext:powered by ECShop

# Security risk : Critical
# Tested on: BackTrack 5
# Demo site: http://www.my2u.com.my/mobile/goods.php?id=34[sqli]

http://www.91pf.net/mobile/goods.php?id=3300[sqli]

http://www.gumpmall.com/mobile/goods.php?id=2920[sqli]


-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Thankz to : Indonesian Grey Hat Team, Jakarta Anonymous Club , BlackNewbie Team , Hacker Newbie ,

Yocyacarderlink , ID Back-Track , 3rr0r c0de | Pauruan cyber , DePe , Arai Maulana , NoXtra ,

Vicky , RadyaHN , X-cisadane , h3ll0s , d4ny 4rth4 ./etc

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

QUOTE :

- Indonesian people here !

- You should have eXpectED us !

- Let there be no more war, because it is not our fault but that of our government, which is not firm enough and only collects its pay without doing the work => [Indonesian h4X0r]



#  0day.today [2018-02-18]  #