49 lines
No EOL
1.3 KiB
Text
49 lines
No EOL
1.3 KiB
Text
=========================================================================================
|
|
|
|
|
|
[o] ZoGo-Shop e107 plugins 1.15.4 SQL Injection Vulnerability
|
|
|
|
Software : ZoGo-Shop plugin version 1.15.4
|
|
Vendor : http://e107.org/
|
|
Download : http://plugins.e107.org/e107_plugins/psilo/psilo.php?artifact.89
|
|
Author : NoGe
|
|
Contact : noge[dot]code[at]gmail[dot]com
|
|
Blog : http://evilc0de.blogspot.com
|
|
|
|
|
|
=========================================================================================
|
|
|
|
|
|
[o] Vulnerable file
|
|
|
|
e107_plugins/zogo-shop/product_details.php
|
|
|
|
$product_ID=$_GET["product"];
|
|
|
|
|
|
|
|
[o] Exploit
|
|
|
|
http://localhost/[path]/e107_plugins/zogo-shop/product_details.php?product=[SQL]
|
|
|
|
|
|
|
|
[o] Dork
|
|
|
|
"Powered by ZoGo-Shop" or "e107_plugins/zogo-shop/product_details.php"
|
|
|
|
|
|
=========================================================================================
|
|
|
|
|
|
[o] Greetz
|
|
|
|
MainHack BrotherHood [ http://serverisdown.org/blog/]
|
|
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa
|
|
H312Y yooogy mousekill }^-^{ kaka11 martfella
|
|
skulmatic olibekas ulga Cungkee k1tk4t str0ke
|
|
|
|
|
|
=========================================================================================
|
|
|
|
# milw0rm.com [2008-11-22] |