Netartmedia iBoutique.MALL - SQL Injection

EDB-ID:

14094

CVE:

N/A




Platform:

PHP

Date:

2010-06-28


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Name : Netartmedia iBoutique.MALL SQLi Vulnerability
Date : june, 28 2010
Critical Level     : HIGH
Vendor Url : http://www.netartmedia.net/mall/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
iBoutique.MALL is a powerful and flexible multi merchants php mall solution. It makes possible for the merchants to signup and create their

online stores with ease. They could start selling their good within minutes without having any html knowledge. iBoutique.MALL offers a lot of

useful functionalities for both merchants (to manage their product inventory and payments, invoice generation, statistics, ...) and

administrators, to control the whole system
###############################################################################################################

Xploit: SQLi VUlnerability

 
DEMO URL : http://server/path/index.php?mod=products&cat=[sqli]

###############################################################################################################
# 0day no more
# Sid3^effects