E-Store (1.0 & 2.0) <= SQL Injection Vulnerability

2014-03-06T00:00:00
ID 1337DAY-ID-21986
Type zdt
Reporter Alkeraithe
Modified 2014-03-06T00:00:00

Description

SQL Injection Vulnerability in the "E-Store 1&2" scripts which is developed by UAEPD.#### Usage Info For "E-store 1.0": http://[target]/page.php?id=[SQL Injection] For "E-store 2.0": http://[target]/news.php?id=[SQL Injection]

                                        
                                            # Exploit Author: Nawaf Alkeraithe
======================================
for "E-store 1.0":
# Google Dork: "Powered by: PD" inurl:"page.php?id"
#Vulnerable page:
http://[target]/page.php?id=[SQL Injection]
======================================
for "E-store 2.0":
# Google Dork: "Powered by: PD" inurl:"news.php?id"
#Vulnerable page:
http://[target]/news.php?id=[SQL Injection]


# demos:
http://www.nourita.com/page.php?id=[Sqli]
http://www.gorgeous.ae/news.php?id=[Sqli]
http://www.henna.ae/news.php?id=[Sqli]



#Contact:
email: Alkeraithe@gmail.com
twitter: https://twitter.com/Alkeraithe

#  0day.today [2016-04-20]  #