Exploit QuickEStore 7.9 - SQL Injection / Full Path Disclosure Download

Exploiter

18 Dec 2022
EDB-ID
10771
EDB verification
  1. Passed
Author
INDOUSHKA
Vulnerability type
WEBAPPS
Platform
ASP
CVE
N/A
Publication date
2009-12-29
Code:
========================================================================================                  
| # Title    : QuickEStore v.7.9 SQL Injection and Path Disclosure Download Vulnerability|
| # Author   : indoushka                                                               |
| # email    : [email protected]                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # Web Site : www.iq-ty.com                                                           |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)       |
| # Bug      : SQL Injection                                                            | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| Vulnerability description
| Input passed to the "CategoryID" parameter in prodpage.cfm, the "SubCatID" parameter in index.cfm, the "OrderID" parameter in shipping.cfm, and to the "ItemID" parameter in proddetail.cfm is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 
|
| Note that error messages disclose the full installation path. 
|
| Examples:
|/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]
|/index.cfm?CFID=1&CFTOKEN=1&SubCatID=[SQL]
|/proddetail.cfm?CFID=1&CFTOKEN=1&ItemID=[SQL]
|/checkout.cfm?CFID=&CFTOKEN=&OrderID=[SQL]
|/shipping.cfm?CFID=&CFTOKEN=&OrderID=[SQL]
|Confirmed in version 7.9. Other versions may also be affected.
|This vulnerability affects /sm-ak051/prodpage.cfm. 
|The impact of this vulnerability:
|The remote attacker can manipulate SQL queries by injecting arbitrary SQL code.
|Attack details:
|No details.
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
Rafik (Tinjah.com) * Yashar (sc0rpion.ir) * Silitoad * redda * mourad (dgsn.dz) 
* Stake (v4-team) * Angel25dz (hackteatch.com)
-------------------------------------------------------------------------------------------
 
Source
www.exploit-db.com
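
A defender-side check for the requests the advisory describes, as an added example that is not part of the original post or advisory: it scans web access-log lines for the page/parameter pairs named above and flags values that are not plain integers. The log format, the sample lines, the `/store/` path and the assumption that these IDs are integer-only are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Page -> parameter pairs named in the advisory (lower-cased for matching).
# Assumption: the application expects these IDs to be plain integers.
WATCHED = {
    "prodpage.cfm": "categoryid",
    "index.cfm": "subcatid",
    "proddetail.cfm": "itemid",
    "checkout.cfm": "orderid",
    "shipping.cfm": "orderid",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")

# Constructed sample lines (combined-log style), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /store/prodpage.cfm?CFID=1&CFTOKEN=1&CategoryID=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /store/prodpage.cfm?CFID=&CFTOKEN=&categoryid=12%27 HTTP/1.1" 500 903',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /store/ProdDetail.cfm?CFID=1&CFTOKEN=1&ItemID=5+OR+1=1 HTTP/1.1" 200 4000',
    '203.0.113.7 - - [01/Jan/2010:10:01:00 +0000] "GET /store/about.cfm?ItemID=abc HTTP/1.1" 200 100',
]

def suspicious_params(log_line):
    """Return [(page, param, decoded_value)] for watched IDs that are not integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Page and parameter names are compared case-insensitively.
    page = url.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(page)
    if watched is None:
        return []
    hits = []
    # parse_qsl percent-decodes values, so encoded quotes/spaces appear in clear form.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # Empty values are skipped to keep noise down; tighten if your site never sends them.
        if name.lower() == watched and value and not INTEGER_RE.fullmatch(value):
            hits.append((page, watched, value))
    return hits

def scan(lines):
    """Return (line_number, page, param, value) for every flagged request."""
    return [(n, *hit) for n, line in enumerate(lines, 1) for hit in suspicious_params(line)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request that also returned a 5xx status is worth checking for the full-path disclosure the advisory mentions, since the path appears in error messages.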
